Can the port range used for RDP UDP communication be configured?

Question:

For Remote Desktop connections I've found that the RDP initiator machine connects to the RDP client on UDP 3389. The RDP client machine then sends packets back to the RDP initiator on a random UDP port within the Dynamic/Private range (49152 - 65535), not solely 3389. My question is, can this range be changed to use a single port or a different range of ports? 

Background:

We require filtering of outbound ports for compliance purposes. Due to the large range, it creates issues for our customers; they have to document and explain the large range to auditors. We want to enable the UDP communication, as it does show a noticeable performance increase for RDP connections even on the local LAN.

Also, I am curious to know why a range is used for egress UDP traffic and not TCP 3389 egress traffic. 

Thanks for any insight, 

Dan

June 18th, 2015 11:16am

Hi,

In my opinion, the reason a range is used for UDP depends on its characteristics:

UDP is simple and costs fewer resources during network transmission, but it doesn't do error package checking.

See: http://blogs.technet.com/b/windowsserver/archive/2012/05/09/windows-server-2012-remote-desktop-services-rds.aspx

June 19th, 2015 8:45am

I am currently using RDP.

As far as I can see I am connected to port TCP/3389, not UDP.

  TCP    10.1.1.51:3389      VM1:52171        ESTABLISHED

If you are using RDP on a patched OS, you are OK as far as security is concerned. There have been security issues in previous OSes (Windows 2000, 2003, unencrypted network traffic), but that was fixed.

June 19th, 2015 10:06am

This topic is archived. No further replies will be accepted.
