Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Port 3389 / terminal services scans

Published: 2011-08-03
Last Updated: 2011-08-03 16:15:13 UTC
by Johannes Ullrich (Version: 1)
5 comment(s)

Thanks to Pat for pointing out a sharp increase in the number of sources scanning for port 3389 [1].

Port 3389 / TCP is used by Microsoft Terminal Services, and has been a continuing target of attacks. If you have any logs you want to share, please submit them via our contact page . In particular if you observed anything different the last couple days.


Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: 3389 rdp
5 comment(s)
Diary Archives