Windows Remote Desktop servers now used to amplify DDoS attacks


Windows Remote Desktop Protocol (RDP) servers are now being abused by DDoS-for-hire services to amplify Distributed Denial of Service (DDoS) attacks.

The Microsoft RDP service is a built-in Windows service running on TCP/3389 and/or UDP/3389 that enables authenticated remote virtual desktop infrastructure (VDI) access to Windows servers and workstations.

Attacks taking advantage of this new UDP reflection/amplification attack vector by targeting Windows servers with RDP enabled on UDP/3389 have an amplification ratio of 85.9:1 and peak at ~750 Gbps.

Around 14,000 vulnerable Windows RDP servers are reachable over the Internet according to a Netscout advisory published earlier today.

Read more…
Source: Bleeping Computer