Ask HN: Virtual Desktop is a hacker tool?
Windows and Linux remote/virtual desktop products are readily available from multiple providers.
How do you defend against hackers using these to attack your SaaS server? You can't block a single IP because they are dynamic. You can't block the address range because some IPs are legitimate users.
4 comments
[ 0.18 ms ] story [ 17.6 ms ] threadThis is a broad question. There are multiple ways to defend, besides basic security like firewalls. Blocking nefarious IPs or domains only gets you so far, as something will slip through the cracks. Try reading this: https://opsec101.org/
They keep trying to brute force a login. I block them after too many attempts but they just switch to a different IP in the same address range assigned to MS Virtual Desktop.
As explained in the original post, blocking an individual IP is ineffective and blocking the entire range is impractical because other legitimate customers use Virtual Desktop too.
I was hoping to avoid it but 2FA looks like the most reasonable solution.