Windows RDP servers are being abused to amplify DDoS attacks

Windows RDP servers are being abused to amplify DDoS attacks
Windows RDP servers running on UDP port 3389 can be ensnared in DDoS botnets and abused to bounce and amplify junk traffic towards victim networks.
January 22, 2021 -- 05:30 GMT (21:30 PST)
| Topic: Security
Cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to bounce and amplify junk traffic as part of DDoS attacks, security firm Netscout said in an alert on Tuesday.
Not all RDP servers can be abused, but only systems where RDP authentication is also enabled on UDP port 3389 on top of the standard TCP port 3389.
Netscout said that attackers can send malformed UDP packets to the UDP ports of RDP servers that will be reflected to the target of a DDoS attack, amplified in size, resulting in junk traffic hitting the target's system.

Related Keywords

, Web Services Dynamic Discovery , Apple Remote Management Service , Windows Remote Desktop Protocol , Constrained Application Protocol , வலை சேவைகள் மாறும் கண்டுபிடிப்பு , ஆப்பிள் தொலைநிலை மேலாண்மை சேவை , ஜன்னல்கள் தொலைநிலை டெஸ்க்டாப் ப்ரோடொகால் ,