As one of the most popular remote desktop protocols used by businesses, RDP is also a prime target for attackers. As such, it’s important for organizations to understand how to detect RDP proxies and take steps to prevent these attacks from happening.
RDP (Remote Desktop Protocol) is a Windows computer-to-computer communications protocol that allows users to control another computer remotely, as if they were sitting in front of it. RDP uses a virtual channel over the Internet to transmit keyboard and mouse activity, as well as the display of the desktop. The user can then interact with the desktop and applications, including launching and running Windows applications.
Detecting RDP Proxies: Tools and Techniques
Because keyboard and mouse activity has to be encrypted and transmitted over the Internet, RDP connections can experience slight delays. Each keyboard or mouse action has to be translated into commands that are executed by the computer being connected to, and the desktop display then has to be transmitted back to the user. This can add a few milliseconds to each interaction.
If your organization uses Citrix ADC Rewrite, you can publish an RDP Proxy link via StoreFront that a user can click to connect to a remote desktop session. The URL is /rdpproxy/MyRDPServer, where the server is given by IP or DNS (FQDN). When the user clicks the link, the Authenticator Gateway VIP receives a request in the format https://vserver-vip/rdpproxy/rdptarget/listener, with information about the RDP server in the form of an RDP server profile.
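The request format above gives defenders something concrete to look for in gateway logs: RDP Proxy requests whose target is not a server the organization meant to publish. The following is an added example, not Citrix code and not part of the original article; the log line layout, the allowlist and all host names and addresses are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Path layout from the text: /rdpproxy/<rdptarget>/<listener>. The listener is
# optional because the published link form is /rdpproxy/MyRDPServer.
RDPPROXY_PATH = re.compile(r"^/rdpproxy/([^/]+)(?:/([^/]+))?/?$", re.IGNORECASE)

# Hypothetical allowlist of RDP servers approved for publishing.
APPROVED_TARGETS = {"rds01.corp.example", "10.20.0.15"}

# Constructed sample log, simplified to "client method url status" per line.
SAMPLE_LOG = """\
203.0.113.7 GET https://vserver-vip/rdpproxy/rds01.corp.example/listener1 200
203.0.113.7 GET https://vserver-vip/rdpproxy/10.20.0.15 200
198.51.100.23 GET https://vserver-vip/rdpproxy/RDS01.corp.example./listener1 200
198.51.100.23 GET https://vserver-vip/rdpproxy/10.99.4.8/listener1 200
198.51.100.23 GET https://vserver-vip/rdpproxy/dc%30%31.corp.example/listener1 200
192.0.2.50 GET https://vserver-vip/vpn/index.html 200
"""

def parse_rdpproxy_request(url):
    """Return (target, listener) for an RDP Proxy URL, or None for any other URL."""
    match = RDPPROXY_PATH.match(urlsplit(url).path)
    if not match:
        return None
    target, listener = (unquote(part) if part else None for part in match.groups())
    # Normalise so letter case, a trailing dot or percent-encoding cannot
    # make an unapproved name look different from what the gateway resolves.
    return target.lower().rstrip("."), listener

def unapproved_rdpproxy_requests(log_text, approved=APPROVED_TARGETS):
    """List (client, target, listener, status) for targets outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # not in the assumed four-field layout
        client, _method, url, status = fields
        parsed = parse_rdpproxy_request(url)
        if parsed and parsed[0] not in approved:
            findings.append((client, parsed[0], parsed[1], status))
    return findings

if __name__ == "__main__":
    for finding in unapproved_rdpproxy_requests(SAMPLE_LOG):
        print("unapproved RDP Proxy target: client=%s target=%s listener=%s status=%s" % finding)
```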