I’ve recently dug into my firewall logs and the most traffic I seem to receive from internet is targeting port 3389.
While I could just blacklist the source IPs and call it a day, I would like to actually listen on this port and “trap” them in a fake RDP connection.
There are tools like endlessh, and I’ve found that you can do the same for http by sending an endless stream of headers. I would like to do the same for RDP, and before I start digging into the whole spec, I was wondering if there is already something similar for RDP.
Is anyone aware of that ? Is that even a thing ?
Docker is not very unsafe at all. Although something like podman would be better.
It’s not as safe as people expect it to be either. Container breakouts are very much a thing and not necessarily relegated to those that did something stupid in configurations