On Publishing RDP to the internet

July 15, 2016

This graph shows the difference between the attacks on a publicly published RDP server, and one that is not published on port 3389. On the left, we have the report from 1 year ago before deciding to close the port, on the right we have the graph on the same address today. Not shown here: the number of attacks have decreased significantly.


Ref: SingCERT advisory "Kaspersky Report on Compromised RDP Servers - "The xDedic Marketplace"
https://www.csa.gov.sg/singcert/news/advisories-alerts/kaspersky-report-on-compromised-rdp-servers
In essence a number of public facing IP addresses, notably some in Singapore, are on a list for sale in the black market, presumably because their administrator passwords have been compromised through brute force.

 

 

Please reload

Featured Posts

Firewall to Azure Site to Site VPN

April 16, 2019

1/3
Please reload

Recent Posts
Please reload

Archive
Please reload

Search By Tags
Please reload

Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square

 © 2020 by IT Re-engineering Pte Ltd | Privacy Policy   Terms of Use