

Rapid7 said many of the exposed endpoints are not protecting their services through basic firewall rules or access control lists. Rapid7 suggested that the final tally of 11 million endpoints, with 4.1 million speaking via the protocol, is shockingly high.

Researchers counted responses that appeared to come from RDP-speaking endpoints, including error messages from possible configuration issues and success messages.
RDP's strengths make it a very popular management tool, but it is also a popular focus for cybercriminals. Microsoft has published 20 security updates for the protocol since 2002 and as many as 24 individual vulnerabilities, Rapid7 reported. Newer versions require network level authentication by default, which acts as a boon to security. However, the protocol is often exposed in internal networks due to its ability to simplify administration and support issues.

Its popularity with attackers was demonstrated in June last year when Kaspersky Lab researchers found a cybercriminal trading platform called xDedic that was selling access to more than 70,000 compromised RDP servers. Rapid7 researchers were keen to discover which protocols were putting potentially open endpoints at risk. The firm used its Sonar research tool and a series of scans, connections and exchanges to analyze the number of systems that exposed RDP across the internet.
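The distinction the article draws between success and error replies, and the network level authentication (NLA) setting, can both be read from the first packet an RDP server sends back. The following is an added example, not Rapid7's code: it classifies replies already collected from hosts you administer, using the negotiation structures documented in MS-RDPBCGR. The function name and the sample bytes are constructed for illustration, and the outcome depends on which protocols the client offered.

```python
import struct

# Values from the RDP negotiation structures in MS-RDPBCGR.
PROTOCOLS = {0: "standard RDP security", 1: "TLS",
             2: "CredSSP (NLA)", 8: "CredSSP-EX (NLA)"}
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER",
            6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}

def classify_response(data: bytes) -> dict:
    """Classify a host's first reply to an X.224 Connection Request."""
    out = {"rdp": False, "kind": "not-rdp", "detail": None, "nla": False}
    # TPKT: version 3, reserved byte, big-endian total length, then X.224.
    if len(data) < 11 or data[0] != 0x03:
        return out
    tpkt_len = struct.unpack(">H", data[2:4])[0]
    if tpkt_len > len(data) or (data[5] & 0xF0) != 0xD0:  # 0xD0 = Connection Confirm
        return out
    out["rdp"] = True
    neg = data[11:tpkt_len]  # optional 8-byte negotiation structure
    if len(neg) < 8:
        # Servers that predate protocol negotiation send a bare confirm.
        out.update(kind="success", detail=PROTOCOLS[0])
        return out
    neg_type, _flags, _length, value = struct.unpack("<BBHI", neg[:8])
    if neg_type == 0x02:    # RDP_NEG_RSP: value is the selected protocol
        out.update(kind="success", nla=value in (2, 8),
                   detail=PROTOCOLS.get(value, f"unknown protocol {value}"))
    elif neg_type == 0x03:  # RDP_NEG_FAILURE: an error, but still an RDP speaker
        out.update(kind="error", nla=(value == 5),  # refuses non-CredSSP clients
                   detail=FAILURES.get(value, f"unknown failure {value}"))
    else:
        out.update(kind="error", detail=f"unexpected negotiation type {neg_type:#x}")
    return out

# Constructed sample replies (not captured from any real host).
HDR = "030000130ed00000123400"  # TPKT + X.224 Connection Confirm header
SAMPLES = {
    "nla-selected": bytes.fromhex(HDR + "0200080002000000"),
    "rdp-security-selected": bytes.fromhex(HDR + "0200080000000000"),
    "nla-required-error": bytes.fromhex(HDR + "0300080005000000"),
    "bare-confirm": bytes.fromhex("0300000b06d00000123400"),
    "not-rdp": b"SSH-2.0-OpenSSH_8.9\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_response(raw))
```

A reply classified as `standard RDP security` or `TLS` shows the server completed negotiation without requiring NLA, which is the setting to correct on any host that must stay reachable.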
Millions of ports are being left open online, and many of these are being exposed to potential attackers through the remote desktop protocol (RDP).

An internetwide scan by researchers at Rapid7 discovered that there were more than 11 million devices with open 3389/TCP endpoints. More than 4.1 million of these open ports were using the protocol to communicate in one form or another.

RDP is a proprietary protocol from Microsoft that gives users the opportunity to access a graphical interface so they can control computers over a network remotely. Support for the protocol has been a feature in almost every version of the Windows operating system (OS) since the introduction of Windows NT.
