# rdp server for Linux

## depontius

This morning at 7:30 I got another one of those ubiquitous phone calls from India, warning me about my Windows computer.

I know that there is "xrdp" for Linux, but that's not quite what I want.  I want a semi-malicious rdp server that will crash any Windows machine that attempts to connect to it with an rdp client.  I suspect that a large number of people across the US, maybe Europe too, would like this as well.  All I want to do is crash the connecting machine; if I were really malicious I'd want to brick it.

Pardon me please, just venting a bit.  Take this as humor, I'm sure you've all received too many of these calls, too.  I know that asking for such software is wrong, and this is the wrong place to do so anyway.  Perhaps I'm really seeking commiseration.

----------

## eccerr0r

LOL

Yeah, that would be fun to set up a honeypot for humans :)

----------

## depontius

I was out this morning describing this to my wife, and then started wondering if I could set up a tarpit on the rdp port.  Not as good as crashing the "Windows helper", but still annoying.

----------

## eccerr0r

Need to find some exploits in the Windows client is the other problem.  Probably spamming it with ever-changing data from xrdp probably isn't sufficient...

Yeah, tarpitting the rdp port to a fake rdp server (using Linux) might be interesting...

----------

## Jaglover

I wonder where they get the contact information from. From Microsoft? I've never received a call like this, is it because I haven't used MS products for over 12 years now?

----------

## depontius

I don't know where they get their info.  I bought a Win98SE upgrade license one or two years ago, and last summer I bought a Thinkpad that came with Windows 7, which I've only ever booted a few times since.

I think they're just calling every land line.  Are you a cord-cutter, Jaglover?  Are you in the US?

I looked into tarpitting briefly.  It's almost as bad for you as it is for them, since it ties up TCP connection resources.  If I were to do it, I'd do it just for RDP, and normally leave it turned off, until getting the call.  The second part would probably be getting on 4chan, if only to post their IP address.  I'm not sure of any better place to post an "India Windows Help IP address."

----------

## Jaglover

Always had a landline, still do. In the USA, yes. I have registered at nocall registry, but I do not think those dudes care about it. I think they are hacking into Microsoft to get the user data. Do you have to reveal your phone # when you register with MS?

----------

## eccerr0r

I think these calls are random, they indeed disregard DNC and simply assume you run Windows because it is still the most popular PC hardware OS...

I'm sure next they'll attempt to do the same on Android or iOS phones but this is harder, probably only a 50/50 chance of getting it right, plus most phone ISPs firewall their phones - best they can do is try to get you to download a trojan horse.

At this point if I were to get such a call I'd just hang up on them.  No sense to deal with their BS, though it would be funny if you had a Windows machine that always brought up a dialog box "Error!" whenever they did something no matter what they do, that would be hilarious.

----------

## JeroenMathon

@OP

Long story short you would need to find an exploit in order to do that.

Most VNC clients cannot cause their host machine to crash (unless you do some hefty modifications).

The reverse might be possible (using a client to crash a server) but most VNC servers have already been patched for that exploit.

----------

## eccerr0r

Actually what would make it frustrating is make the RDP server drop connection every couple of seconds... that would really frustrate the remote hacker.

Then again if they hack via script...this may not be as effective.

----------

## 1clue

The calls are random. My parents get them, and they're 82, have no internet connection and have never owned a Windows computer.

I've thought of setting up a Windows VM with rdp open, something that's not quite able to do what the intruders want but keeping them occupied trying for days, weeks or months. Let's say, on a separate network that has not very reliable Internet service. Maybe for every non-RDP port have the router inject random errors into every third packet.

And of course monitor it.

But then I have no interest in actually spending money on a license just to do this, and it would be a lot of work to set up anyway...

----------

## JeroenMathon

 *1clue wrote:*   

> The calls are random. My parents get them, and they're 82, have no internet connection and have never owned a Windows computer.
> 
> I've thought of setting up a Windows VM with rdp open, something that's not quite able to do what the intruders want but keeping them occupied trying for days, weeks or months. Let's say, on a separate network that has not very reliable Internet service. Maybe for every non-RDP port have the router inject random errors into every third packet.
> 
> And of course monitor it.
> ...

 

Aren't there free open-source solutions you can use that listen on the same protocol?

----------

## 1clue

 *JeroenMathon wrote:*   

>  *1clue wrote:*   The calls are random. My parents get them, and they're 82, have no internet connection and have never owned a Windows computer.
> 
> I've thought of setting up a Windows VM with rdp open, something that's not quite able to do what the intruders want but keeping them occupied trying for days, weeks or months. Let's say, on a separate network that has not very reliable Internet service. Maybe for every non-RDP port have the router inject random errors into every third packet.
> 
> And of course monitor it.
> ...

 

Sure.  Since we're all griping about a hypothetical honey trap to (in other cases) crash the remote client or (in my case) waste monumental amounts of time for the intruder, the needs of the server would vary quite a bit.

In the first case (crashing the client) you could try that on any platform.  In my case (wasting time) anything that seems like a non-Windows computer would tip them off that something is not right, which would make them waste less time.

I can't say what anyone else will do, but my solution is pure fantasy. It's not going to happen, I'm not spending $100 USD to get a license just so I can watch intruders mess it up, let alone put in the work to make an error-injecting proxy.

----------

## JeroenMathon

 *1clue wrote:*   

>  *JeroenMathon wrote:*    *1clue wrote:*   The calls are random. My parents get them, and they're 82, have no internet connection and have never owned a Windows computer.
> 
> I've thought of setting up a Windows VM with rdp open, something that's not quite able to do what the intruders want but keeping them occupied trying for days, weeks or months. Let's say, on a separate network that has not very reliable Internet service. Maybe for every non-RDP port have the router inject random errors into every third packet.
> 
> And of course monitor it.
> ...

 

Then I recommend that you apply a whitelist.

----------

## 1clue

Are you talking to me, or to the OP?

I don't have any Windows systems exposed to the outside world.  I have no need of a whitelist.

----------

## szatox

 *Quote:*   

> In my case (wasting time) anything that seems like a non-Windows computer would tip them off that something is not right, which would make them waste less time.

Just make it display a loading screen :Laughing:

----------

