Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Port 3389 (tcp/udp) Attack Activity Port 3389 (tcp/udp) Attack Activity

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
[get complete service list]
Port Information
Protocol Service Name
tcp ms-term-services MS Terminal Services
udp ms-term-services MS Terminal Services
Top IPs Scanning
TodayYesterday (1) (3381) (1) (1560)
Port diary mentions
Virus Alphabet, War!, Port 3389 Spike, WinZip Issues
MS Advisory on the Vulnerability in RDP; Port 3389; FormMail Attempts
Port 3389 terminal services scans
Increased Traffic on Port 3389
An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
Did the recent malicious BlueKeep campaign have any positive impact when it comes to patching?
User Comments
Submitted By Date
Scott Fendley 2005-07-17 03:13:54
Potential exploit of Remote Desktop Protocol on Windows Systems. Please see and for more information.
jeff bryner 2002-11-09 21:16:59
See for a discussion on how terminal services source ip address can be easily spoofed; so don't trust event log entries of connection attempts. Jeff.
Add a comment
CVE Links
CVE # Description
CVE-2015-2373 The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability."