this isn’t specifically Whonix related but as the Tor forum is archived I hope it’s the right section for my post.
For some months now I’m using Whonix to connect to an RDP anonymously, without an .onion service installed so every time I use exit nodes.
Well the following weird thing have happened:
The SSL certificate suddenly changed when I established a new connection to the rp, I don’t know who was the issuer but I haven’t changed anything on that RDP.
I declined and restarted TOR, I go no new SSL certificate confirmation/ question.
I assume this is an MiTM attack to sniff RDP connections? Question is now, was this a broad attack or could I be targetted specifically?