Security News > 2021 > January > Thousands of Unprotected RDP Servers Can Be Abused for DDoS Attacks

Windows admins can configure RDP to run on TCP port 3389 or UDP port 3389, and if the latter is enabled, the system can be abused to launch DDoS attacks that have an amplification ratio of 85.9:1.
NETSCOUT has reported seeing roughly 14,000 unprotected RDP servers that can be abused for such attacks.
According to the company, DDoS attacks that abuse RDP have already been used by DDoS-for-hire services.
The firm has observed attacks ranging between approximately 20 and 750 Gbps. Organizations whose RDP servers are abused for DDoS attacks may experience partial or full disruption to important remote access services, and blocking traffic on UDP port 3389 may not be a good solution as it can lead to legitimate traffic getting blocked as well.
Enterprises have been advised to identify potentially abusable Windows RDP servers on their own networks and the networks of downstream customers, and take action to mitigate the risk.
Administrators should either stop running the RDP service on UDP or place servers behind VPN concentrators to reduce the risk of abuse.
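
As an added example (not part of the original article or NETSCOUT's report), one way to look for abused servers on your own network is to compare UDP/3389 request and response volumes in flow records. The CSV layout, the 10.0.0.0/8 internal range, the 10:1 alert threshold and the heuristic that legitimate RDP-over-UDP accompanies a TCP/3389 session from the same peer are assumptions; the flow records are constructed.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

RDP_PORT = 3389
INTERNAL_NET = ip_network("10.0.0.0/8")  # assumption: your own address space
RATIO_ALERT = 10.0                       # assumption: alert well under the reported 85.9:1

# Constructed flow records (not real traffic).
SAMPLE_FLOWS = """src_ip,src_port,dst_ip,dst_port,proto,bytes
198.51.100.9,51000,10.0.5.20,3389,tcp,42000
198.51.100.9,51001,10.0.5.20,3389,udp,90000
10.0.5.20,3389,198.51.100.9,51001,udp,700000
203.0.113.7,40000,10.0.8.31,3389,udp,2000
10.0.8.31,3389,203.0.113.7,40000,udp,171800
"""

def find_abused_rdp_servers(flow_csv, ratio_alert=RATIO_ALERT):
    """Return {server_ip: response-to-request byte ratio} for suspect servers."""
    rows = list(csv.DictReader(io.StringIO(flow_csv)))
    # (server, peer) pairs with a TCP/3389 session: UDP between them is
    # treated as normal RDP transport and ignored (heuristic, see lead-in).
    tcp_peers = {(r["dst_ip"], r["src_ip"]) for r in rows
                 if r["proto"] == "tcp" and int(r["dst_port"]) == RDP_PORT}
    req = defaultdict(int)  # bytes received on UDP/3389, per server
    rsp = defaultdict(int)  # bytes sent from UDP/3389, per server
    for r in rows:
        if r["proto"] != "udp":
            continue
        size = int(r["bytes"])
        if int(r["dst_port"]) == RDP_PORT and ip_address(r["dst_ip"]) in INTERNAL_NET:
            if (r["dst_ip"], r["src_ip"]) not in tcp_peers:
                req[r["dst_ip"]] += size
        elif int(r["src_port"]) == RDP_PORT and ip_address(r["src_ip"]) in INTERNAL_NET:
            if (r["src_ip"], r["dst_ip"]) not in tcp_peers:
                rsp[r["src_ip"]] += size
    findings = {}
    for server, sent in rsp.items():
        # Responses with no recorded request at all count as an infinite ratio.
        ratio = sent / req[server] if req[server] else float("inf")
        if ratio >= ratio_alert:
            findings[server] = round(ratio, 1)
    return findings

if __name__ == "__main__":
    for server, ratio in find_abused_rdp_servers(SAMPLE_FLOWS).items():
        print(f"{server}: UDP/3389 response:request ratio {ratio}:1, no TCP session")
```

Servers this flags are candidates for disabling RDP over UDP or moving behind a VPN concentrator, as the advice above recommends.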