Port 3389 / terminal services scans

Published: 2011-08-03
Last Updated: 2011-08-03 16:15:13 UTC
by Johannes Ullrich (Version: 1)
5 comment(s)

Thanks to Pat for pointing out a sharp increase in the number of sources scanning for port 3389 [1].

Port 3389 / TCP is used by Microsoft Terminal Services, and has been a continuing target of attacks. If you have any logs you want to share, please submit them via our contact page . In particular if you observed anything different the last couple days.

[1] https://isc.sans.edu/port.html?port=3389

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: 3389 rdp
5 comment(s)
Diary Archives