MiTM Attack on RDP using Whonix?

Hello guys,

this isn’t specifically Whonix related but as the Tor forum is archived I hope it’s the right section for my post.
For some months now I’m using Whonix to connect to an RDP anonymously, without an .onion service installed so every time I use exit nodes.

Well the following weird thing have happened:

The SSL certificate suddenly changed when I established a new connection to the rp, I don’t know who was the issuer but I haven’t changed anything on that RDP.

I declined and restarted TOR, I go no new SSL certificate confirmation/ question.

I assume this is an MiTM attack to sniff RDP connections? Question is now, was this a broad attack or could I be targetted specifically?

I don’t know. It’s a general Tor question and therefore you could use:

Free Support for Whonix ™

Yes sounds like MITM.

What difference does it make? Your servers integrity would be violated either way. If you think you are targeted you should make use of onions again.

1 Like