InfoSec Handlers Diary Blog - Port 3389 / terminal services scans

SANS ISC: InfoSec Handlers Diary Blog - Port 3389 / terminal services scans

SANS Site Network
- Current Site
- Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- DFIR
- Software Security
- Government OnSite Training

InfoSec Handlers Diary Blog

Port 3389 / terminal services scans

Published: 2011-08-03
Last Updated: 2011-08-03 16:15:13 UTC
by Johannes Ullrich (Version: 1)

Thanks to Pat for pointing out a sharp increase in the number of sources scanning for port 3389 [1].

Port 3389 / TCP is used by Microsoft Terminal Services, and has been a continuing target of attacks. If you have any logs you want to share, please submit them via our contact page . In particular if you observed anything different the last couple days.

[1] https://isc.sans.edu/port.html?port=3389

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: 3389 rdp

5 comment(s)

Top of page

Diary Archives