alt Hacker NewsTo be honest, three nested RDPs sound like a terrible hack. In an ideal world, this would be two port forwardings and one RDP (thinking about ssh, which is still underrepresented in windows world). In an even more ideal world, this would be an IPv6 direct access ;-)
Replies
orisho • today at 2:26 PM
It's probably there not as a way to connect networks, but as a way to keep them separate, only allowing RDP between specific computers on different networks.
There are legit reasons, at least for two nested sessions. A production network that’s airgapped except for a bastion host that acts as a gateway. It’s better than port forwarding because you have to auth to the bastion host before the RDP chaining, and it often takes separate credentials for the second RDP session.
It’s a semi-common setup for higher security environments, and when you have a network of stuff that has known vulnerabilities you can’t patch for whatever reason. Traffic in and out is super carefully firewalled. It’s not great, but it’s better than a 25 year old MySQL with a direct public IP.