Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Port 3389 (tcp/udp) Attack Activity - SANS Internet Storm Center Port 3389 (tcp/udp) Attack Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
Port Information
Protocol Service Name
tcp ms-term-services MS Terminal Services
udp ms-term-services MS Terminal Services
[get complete service list]
Port diary mentions
URL
Virus Alphabet, War!, Port 3389 Spike, WinZip Issues
MS Advisory on the Vulnerability in RDP; Port 3389; FormMail Attempts
Port 3389 terminal services scans
Increased Traffic on Port 3389
User Comments
Submitted By Date
Comment
Scott Fendley 2005-07-17 03:13:54
Potential exploit of Remote Desktop Protocol on Windows Systems. Please see http://isc.sans.org/diary.php?date=2005-07-15 and http://isc.sans.org/diary.php?date=2005-07-16 for more information.
jeff bryner 2002-11-09 21:16:59
See http://www.xato.net/reference/xato-112001-01.txt for a discussion on how terminal services source ip address can be easily spoofed; so don't trust event log entries of connection attempts. Jeff.
Add a comment
CVE Links
CVE # Description
CVE-2001-0540
CVE-2012-0002
CVE-2015-2373 The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability."