Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Port 3389 / terminal services scans InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Port 3389 / terminal services scans

Published: 2011-08-03
Last Updated: 2011-08-03 16:15:13 UTC
by Johannes Ullrich (Version: 1)
5 comment(s)

Thanks to Pat for pointing out a sharp increase in the number of sources scanning for port 3389 [1].

Port 3389 / TCP is used by Microsoft Terminal Services, and has been a continuing target of attacks. If you have any logs you want to share, please submit them via our contact page . In particular if you observed anything different the last couple days.

[1] https://isc.sans.edu/port.html?port=3389

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: 3389 rdp
5 comment(s)
Diary Archives