Windows Remote Desktop Protocol servers are abused by attackers to amplify DDOS attacks

The Microsoft Remote Desktop Protocol service is a built-in Windows service running on TCP/3389 and/or UDP/3389 that enables authenticated remote virtual desktop infrastructure access to Windows servers.

Attackers found a way to abuse the new UDP amplification attack vector by targeting Windows servers with RDP enabled on UDP/3389 have an amplification ratio of 85.9:1 and peak at ~750Gbps.

According to Netscout advisory, there are 14.000 vulnerable Windows RDP servers that are reachable over the Internet.


Read More

Got Something To Say?

Your email address will not be published. Required fields are marked *