MikroTik

Hi

Is there a way to block RDP password scanners ? Seems that RDP server do not drop the session and there is no new connection every new password, so there not possible to do same way as ssh, limit 3-5 new tcp sesstions per 2-3 minutes and all. RDP server do not logs the source IP on audit failures in case if strong security is used. Is there a way to protect the RDP servers from a password scans?

I don't know of any, but I'm not up-to-date with the latest versions of MS server versions.
An idea would be to blacklist source ip if a lot of connections are made @ rdp port in a small time frame,
and then drop the attempted connections on firewall.
That would limit the problem somewhat.
Even better, you could limit the incoming connections in the firewall to known IPs
if the clients connections from outside have static addresses.
Or, set up some sort of vpn access to the rdp server(s).
From a security perspective an open rdp server is a big no-no.

re-reading your post.. (i'm on the 1st coffee, sorry),
disregard my post on firewalling since there is no new connection.

You can use this free tool, it works well.

http://www.terminalserviceplus.com/rdp-defender.php

Rdp Tool is not works at all because the logs do not contains the src ip address in case if strong security is used

Then you will not be able to block brute force attacks.