Am I getting attacked on port 3389?
Results 1 to 6 of 6

Thread: Am I getting attacked on port 3389?

Hybrid View

  1. #1
    Junior Member
    Join Date
    Jun 2013
    Posts
    1

    Am I getting attacked on port 3389?

    Hi all,

    Thanks in advance for helping me out.

    I was hoping someone could take a look at the attached screenshot. It appears someone or something from China, Iceland, and other outside country IPs are trying to connect on port 3389. I know port 3389 is used for RDP and I can tell you there is no need for this service on this particular network. The foreign IPs and RDP leads me to believe something malicious is being attempted. Is the firewall doing it's job? Should I be worried? Should I simply block every foreign IP I see?

    What has me confused is:

    - Port 3389 should be closed, but it's still being attacked?
    - The device ending in .115 is an android device and has since been removed from the network. Why would an andriod device be targeted?
    - What exactly does "SYN_SENT" mean? Should I only be worried is a connected gets "ESTABLISHED"?

    THANK YOU for the help. I've been stressing all week!

    networkshot.jpg

  2. #2
    Administrator
    Join Date
    Apr 2011
    Location
    USA
    Posts
    238
    Ya... Established would be a bad thing... Odds are that if you look in Event Viewer you'll see that the "attempt" to log in failed.

    There's nothing you can do to avoid attempts to connect. Hackers write programs to automatically call out to random IP address and attempt to connect to machines. The programs do nothing but try and connect 24/7/365.

  3. #3
    Super Moderator
    Join Date
    May 2012
    Posts
    233
    Got a router?
    They help stop stuff like that if set up properly.

  4. #4
    Junior Member ghostinshell's Avatar
    Join Date
    Feb 2014
    Posts
    18
    yea, for home get a router they all have a built in firewall. and for your laptop just make sure the firewall is on....

  5. #5
    Junior Member
    Join Date
    Mar 2014
    Posts
    2

    Unhappy

    Android U say issed: ... I guess you guy's missed the latest leaks on how the government and it's security guru's have destroyed the internet whilst trampling all over the civil liberties and rights of the entire free world.

    Look, I wont lie to you, android is ****, it has no security, what security do you really expect to get out of a Linux box that runs everything in a Chroot (Fake root) shell whilst getting you to agree to having all your SMS, eMail, Files etc looked at by some third party application?

    Do you think the fact the system has no GUID on its particion table is just a mistake?

    Do you really believe that prior to 9/11 every phone had a DoD CA-root Certificate?

    What has slowly emerged out of the wash of online survailence that has slowly been hitting the newspapers, are the following disgusting & disturbing facts.

    The fed's have tapped the phiber optic cables at the bottom of the Sea-Bed, they then forced everyone who has RSA SSL keys to hand them over. Security & Privacy as you used to know it .. on the internet .. is almost completely gone.

  6. #6
    Junior Member ghostinshell's Avatar
    Join Date
    Feb 2014
    Posts
    18
    fusiomax20;

    I am not sure, this thread is the right place for that post. maybe open a new thread...

    We (those in the IT ind) have known for many years the NET is the wild west. the only difference now is so do you....

Similar Threads

  1. Windows NT 3389
    By sdr8 in forum Site Feedback/Questions/Suggestions
    Replies: 4
    Last Post: January 31st, 2003, 10:32 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides