‘More and more ddos ​​attacks via udp amplification on Remote Desktop Protocol’

Spread the love

Criminals are increasingly using the Remote Desktop Protocol on Windows to carry out DDOs attacks. For the execution of amplification and reflection attacks, computers are increasingly sought after that protocol is open.

Ddos attackers are increasingly scanning for RDP ports that are open, security company Netscout writes in a report. The attackers thus send udp packets to the udp ports of servers on which the Remote Desktop Protocol is open. According to the researchers, Rdp is only exploited if udp port 3389 is open on the server. Attacking the protocol reinforces a ddos ​​attack, also known as an amplification attack. In such attacks, a small packet can still be used to generate a lot of traffic.

According to Netscout, an amplification attack via rdp has a gain of 85.9. For comparison, a dns amplification attack is one with a factor of 180, and an ntp amplification one with a factor of 550.

The researchers say that rdp amplifications have been added to well-known booters, which can be bought for little money. With such ddos-as-a-service packages, attackers can easily execute ddos ​​without having to arrange the infrastructure themselves. Netscout says that at least 14,000 rdp servers worldwide have their udp port 3389 open. The security company advises companies to take the systems offline or put them behind a VPN.

You might also like
Exit mobile version