Port Information
Protocol | Service | Name
tcp | ms-term-services | MS Terminal Services
udp | ms-term-services | MS Terminal Services
tcp | ms-wbt-server | MS WBT Server
udp | ms-wbt-server | MS WBT Server
Port diary mentions
Virus Alphabet, War!, Port 3389 Spike, WinZip Issues
MS Advisory on the Vulnerability in RDP; Port 3389; FormMail Attempts
Port 3389 terminal services scans
Increased Traffic on Port 3389
An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
Did the recent malicious BlueKeep campaign have any positive impact when it comes to patching?
User Comments
Submitted By | Date
Scott Fendley | 2005-07-17 03:13:54
Potential exploit of Remote Desktop Protocol on Windows Systems. Please see http://isc.sans.org/diary.php?date=2005-07-15 and http://isc.sans.org/diary.php?date=2005-07-16 for more information.
jeff bryner | 2002-11-09 21:16:59
See http://www.xato.net/reference/xato-112001-01.txt for a discussion on how terminal services source ip address can be easily spoofed; so don't trust event log entries of connection attempts. Jeff.
CVE Links
CVE # | Description
CVE-2012-0002 | The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."