Windows RDP Servers Targeted In DDoS Attacks

Windows RDP Servers Targeted In DDoS Attacks

Windows RDP Servers Exploited for DDoS Attacks

Windows Remote Desktop Protocol (RDP) servers are being used to weaponize ‘Distributed Denial of Service’ (DDoS) attacks. By default, the default TCP 3389 and / or UDP 3389 provides authenticated remote virtual desktop infrastructure (VDI) access to Windows-based workstations and servers.

These default ports, if used, are much easier to identify on remote networks (including over the internet) and from that those systems can be susceptible to ‘Distributed Denial of Service’ (DDoS) attacks.

What is a Distributed Denial of Service (DDoS) attack?

Distributed denial-of-service attacks target websites and online services. The aim is to overwhelm the processes running on them with more traffic than the server or network can accommodate, and therefore causing an outage or critical loss of service. Pinging a server from a single source will not cause a DDoS attack, but amplify that several thousand times by threat actors and severe loss of service can occur.

Rob Brown, Head of Customer Success said, “Back in February 2020, last year we learned a DDoS attack crippled Amazon Web Services. This has been recorded as the largest DDoS attack in history.”

How to Prevent RDP Attacks

No server with Remote Desktop Services running should be configured with the default port and we recommend changing it immediately. With Syxsense Secure, you can scan every device and easily identify which devices need to be corrected.

The following Powershell command will change the port to another selected port — we recommend using a nonstandard port.

If you are using Syxsense Manage or Syxsense Secure, you can deploy these Powershell scripts right from the console.

Get-ItemProperty -Path
ServerWinStationsRDP-Tcp’ -name “PortNumber”

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.