When traveling I would like to connect to my home desktop PC via Remote Decktop. My home PC (XP Pro)sits behind a Linksys WRT54G router and uses DHCP (192.168.1.X). My travel laptop also uses XP Pro. Using the computer name I have no trouble connecting to the home desktop PC when I am at home but can I connect to it while outside my local network? If so, how?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Remote Desktop to PC behind router 2
- Thread starter rvdurham
- Start date
-
2
- #2
Forward port 3389 on the router to your desktop IP address (if there are only 2 machines it's not likely to change). Then, when you're away you can either use the Remote Desktop Client to access your router's public IP address or set up a Dynamic DNS service like or
- Thread starter
- #3
Ok, I've forwarded port 3389 and used nmap to double check that it is open. I've also setup a dyndns for the router IP address. From a security standpoint is it better to enable remote admin on the router and enable the port forwarding on an as needed basis, or disable remote admin and leave the port open? Thanks for you help.
I suppose that depends on your asessment of your risk. Here are the combinations:
1) port 3389 always open on the router, remote admin disabled, remote desktop enabled.
A) port 3389 would be visible to anyone scanning your public IP address, so an attacker would know that you're there.
B) attacker would have to guess or brute force crack a valid username & password on the windows machine or take advantage of some exploit before it was patched automatically.
C) if exploited or comprimised, it's likely that the entire computer would be accessible.
2) port 8080 (or whatever) always open on the router, but nothing else externally accessible.
A) port 8080 would be visible.....
B) attacker would have to guess or brute force crack a valid password (I don't think that username does anything on this device) or take advantage of some exploit before it was patched manually.
C) if exploited or comprimised, the entire router would be accessible which means that RD 3389, Windows File Sharing 135 & any other port could be forwared to the computer that's on & listening for connections.
So, my thoughts are that you're probably more secure by leaving RD open & closing the router admin. To help secure things just a little further, you can change the RD listening port
1) port 3389 always open on the router, remote admin disabled, remote desktop enabled.
A) port 3389 would be visible to anyone scanning your public IP address, so an attacker would know that you're there.
B) attacker would have to guess or brute force crack a valid username & password on the windows machine or take advantage of some exploit before it was patched automatically.
C) if exploited or comprimised, it's likely that the entire computer would be accessible.
2) port 8080 (or whatever) always open on the router, but nothing else externally accessible.
A) port 8080 would be visible.....
B) attacker would have to guess or brute force crack a valid password (I don't think that username does anything on this device) or take advantage of some exploit before it was patched manually.
C) if exploited or comprimised, the entire router would be accessible which means that RD 3389, Windows File Sharing 135 & any other port could be forwared to the computer that's on & listening for connections.
So, my thoughts are that you're probably more secure by leaving RD open & closing the router admin. To help secure things just a little further, you can change the RD listening port
- Status
Similar threads
- Locked
- Question
- Locked
- Question