I work for a small IT support company in the UK. We recently took on a new client and during the audit I saw that the previous IT support provider (a very large well known company in the UK) had allowed 3389 through the firewall onto the SBS server on the LAN. Not good. I disabled this and continued my work.
Part way through the audit I needed to access the SBS server (internally) and fired up the Remote Desktop client on one of the office PCs, as the server was in another part of the building. Pre-populated in the cache of old RDP connections were a number of public IP addresses. Being curious, I decided to check these to see what they were. One of these took me to another SBS server for another company. I can only assume that the previous IT support provider needed to do some work for another client whilst on this site, so just RDP'd through. To me this is very, very bad practice.
I've googled the domain name that was shown on the RDP logon page and found the company that has its server available to all and sundry over 3389.
Should I contact this company and tell them what their current provider has done? If I do would it be bad form to try and sell them support from us given that the current provider is clearly not interested in security at all?