2X Forums

[bigmistake]

....would be nice, i.e. *.sttl.wa.verizon.net, since so many big ISPs have lots of different netblocks, making it impossible to cover all the ips with wild cards.

[davidsaliba]

Can you describe this in a bit more detail , sounds interesting ..

[mnix]

I think bigmistake is asking for a feature that does a reverse DNS lookup on the public IP address and checks the hostname returned. This is possible - so is fixing the IP filters to work with the public IP of the client - the info is available, but SecureRDP is just looking in the wrong place - inside the RDP protocol data, rather than querying the operating system for the remote IP address of the connection.

[davidsaliba]

The feature of ip filters is more designed to work in a LAN than anywhere else this will usually ensure that connections are coming from clients in the right departments.

Over the net the system is too easy to block or cheat so I think it's a bit messy in reality, though in principle possible.

The ip comes from the connection socket not from the protocol.

Any proxies or gateways can affect it. And all you will get is the IP of the proxy not the client.

I would not suggest using that kind of filtering for security use user based security.

[tatoosh]

I also need to use DNS Name instead of IP Filter.

By using a no-ip.com update client, i can verify that i am the only one who can access to my rdp at home.
I tried to modify the registry settings from IP to DNS but how is it encoded ??
it would be great if i can use my no-ip.com name on my mobile pc to block all other pcs - i would also pay for that feature!

king regards, tatoosh