

System administrators can configure RDP to run on TCP port 3389 and/or UDP port 3389.

Attackers can send the amplified attack traffic, which is comprised of non-fragmented UDP packets that originate at UDP port 3389, to target a particular IP address and UDP port of choice, researchers said.
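The traffic signature described above (non-fragmented UDP packets sourced from port 3389, converging on one victim address) can be turned into a flow-based detection check. The following is an added example, not code from the Netscout report or the original article; the flow tuple layout, the thresholds and the documentation-range addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

RDP_PORT = 3389

# Constructed sample flow records (not real traffic):
# (src_ip, src_port, dst_ip, dst_port, proto, bytes, fragmented)
SAMPLE_FLOWS = [
    ("198.51.100.10", 3389, "203.0.113.5", 80, "udp", 1200, False),
    ("198.51.100.11", 3389, "203.0.113.5", 80, "udp", 1200, False),
    ("198.51.100.12", 3389, "203.0.113.5", 80, "udp", 1200, False),
    ("198.51.100.13", 3389, "203.0.113.5", 80, "udp", 1200, False),
    ("192.0.2.44", 3389, "203.0.113.9", 51544, "udp", 300, False),  # one RDP-over-UDP peer
    ("192.0.2.50", 53, "203.0.113.5", 40000, "udp", 120, False),    # unrelated DNS reply
    ("192.0.2.60", 3389, "203.0.113.5", 49200, "tcp", 900, False),  # RDP over TCP
]


def find_rdp_reflection_targets(flows, min_sources=3, min_bytes=3000):
    """Return {dst_ip: (distinct_sources, total_bytes)} for suspected targets.

    A destination is flagged when several distinct hosts send it
    non-fragmented UDP traffic with source port 3389. The thresholds
    are hypothetical and need tuning against a local baseline.
    """
    sources = defaultdict(set)
    volume = defaultdict(int)
    for src_ip, src_port, dst_ip, _dst_port, proto, nbytes, fragmented in flows:
        # Match only the signature from the article: UDP, source port 3389,
        # non-fragmented. The destination port is attacker-chosen, so it is ignored.
        if proto != "udp" or src_port != RDP_PORT or fragmented:
            continue
        sources[dst_ip].add(src_ip)
        volume[dst_ip] += nbytes
    return {
        dst: (len(srcs), volume[dst])
        for dst, srcs in sources.items()
        if len(srcs) >= min_sources and volume[dst] >= min_bytes
    }


if __name__ == "__main__":
    for dst, (count, total) in find_rdp_reflection_targets(SAMPLE_FLOWS).items():
        print(f"possible RDP reflection toward {dst}: {count} sources, {total} bytes")
```

A single legitimate RDP-over-UDP session also produces source-port-3389 traffic, which is why the check requires multiple distinct senders per destination rather than matching on the port alone.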
RDP is a part of the Microsoft Windows OS that provides authenticated remote virtual desktop infrastructure (VDI) access to Windows-based workstations and servers. This means “the general attacker population” can also use this mode of amplification to add heft to their DDoS attacks. What’s more, while initially only advanced attackers with access to “bespoke DDoS attack infrastructure” used this method of amplification, researchers also observed RDP servers being abused in DDoS-for-hire services by so-called “booters,” they said. This risk was highlighted earlier this week when researchers identified a new malware variant dubbed Freakout adding endpoints to a botnet to target Linux devices with DDoS attacks.

Netscout so far has identified more than 14,000 “abusable” Windows RDP servers that can be misused by attackers in DDoS attacks, troubling news at a time when this type of attack is on the rise due to the increased volume of people online during the ongoing coronavirus pandemic. However, not all RDP servers can be used in this way. It’s possible only when the service is enabled on UDP port 3389 as well as running on standard TCP port 3389, researchers said.

Cybercriminals can exploit Microsoft Remote Desktop Protocol (RDP) as a powerful tool to amplify distributed denial-of-service (DDoS) attacks, new research has found.

Attackers can abuse RDP to launch UDP reflection/amplification attacks with an amplification ratio of 85.9:1, principal engineer Roland Dobbins and senior network security analyst Steinthor Bjarnason from Netscout said in a report published online this week.
