M$ Windows Server 2016 Standard
Have M$ Windows 2016 Standard server running on a Dedicated Server on KimSufi. Lately, i have not been able to access it via RDP.. it continuously drops of saying “An internal error has occurred”.
So, without any KVM/ IPMI, i login to the admin panel and restart the server and I can login. This works as there isn't much mission critical running, but, just a long process to get the system up and running.
So, after some digging, I saw that there are several RDP connections happening every minute...
netstat -n | find ":3389" | find "ESTABLISHED" shows a bunch of established connections...
Event Viewer shows:
"The RD Session Host server received large number of incomplete connections. The system may be under attack." multiple times (on the top of the hour mainly).
What are different ways to protect this box? Is there anything like Fail2Ban or similar for M$ Windows Server?