Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 3389 (tcp/udp) Attack Activity Port 3389 (tcp/udp) Attack Activity

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
[get complete service list]
Port Information
Protocol Service Name
tcp ms-term-services MS Terminal Services
udp ms-term-services MS Terminal Services
Top IPs Scanning
TodayYesterday (2080) (4840) (1535) (2842) (1250) (1528) (1194) (1441) (1069) (1245) (773) (887) (643) (777) (556) (719) (549) (643) (487) (636)
Port diary mentions
Virus Alphabet, War!, Port 3389 Spike, WinZip Issues
MS Advisory on the Vulnerability in RDP; Port 3389; FormMail Attempts
Port 3389 terminal services scans
Increased Traffic on Port 3389
An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
Did the recent malicious BlueKeep campaign have any positive impact when it comes to patching?
User Comments
Submitted By Date
Scott Fendley 2005-07-17 03:13:54
Potential exploit of Remote Desktop Protocol on Windows Systems. Please see and for more information.
jeff bryner 2002-11-09 21:16:59
See for a discussion on how terminal services source ip address can be easily spoofed; so don't trust event log entries of connection attempts. Jeff.
Add a comment
CVE Links
CVE # Description
CVE-2015-2373 The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability."