Security

Reply
Occasional Contributor II

Clearpass RDP

Hi, I've just been looking at traffic logs for our clearpass server and noticed something odd. Its trying to RDP out to the private address range 172.16.x.x, cycling through each IP address one at a time. Is this normal behaviour?
Guru Elite

Re: Clearpass RDP

ClearPass does not use the remote desktop protocol.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Clearpass RDP

Do you know what it would be doing on port 3389?

Guru Elite

Re: Clearpass RDP

Are you doing any subnet scanning in ClearPass? It could be nmap attempting to probe hosts to profile them.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Clearpass RDP

Nmap profiling appears to be off currently.

Highlighted
Guru Elite

Re: Clearpass RDP

Best to work with TAC then.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: