
MiTM Attack on RDP using Whonix?

Hello guys,

this isn’t specifically Whonix related but as the Tor forum is archived I hope it’s the right section for my post.
For some months now I’ve been using Whonix to connect to an RDP anonymously, without an .onion service installed, so every time I use exit nodes.

Well, the following weird thing has happened:

The SSL certificate suddenly changed when I established a new connection to the RDP. I don’t know who was the issuer, but I haven’t changed anything on that RDP.

I declined and restarted Tor, and I got no new SSL certificate confirmation/question.

I assume this is an MiTM attack to sniff RDP connections? Question is now, was this a broad attack or could I be targeted specifically?

I don’t know. It’s a general Tor question and therefore you could use:

https://www.whonix.org/wiki/Free_Support_Principle

Yes sounds like MITM.

What difference does it make? Your server’s integrity would be violated either way. If you think you are targeted you should make use of onions again.
