dnswatchdog.iodocs
Issues

Port 3389: RDP

Open Remote Desktop Protocol port detected on a publicly accessible host.

Severity: Warning | Port: 3389

What is RDP?

RDP (Remote Desktop Protocol) is a Microsoft protocol that lets you connect to and control a Windows computer remotely with a full graphical desktop. It is widely used by IT teams to manage Windows servers and by employees to access their work computers from home. RDP listens on port 3389 by default.

Why this is a problem

RDP exposed to the internet is one of the most common entry points for ransomware attacks. Attackers use brute-force tools to guess passwords, exploit known RDP vulnerabilities (like BlueKeep), or purchase stolen credentials on the dark web. Once inside via RDP, attackers have full desktop access and can install malware, exfiltrate data, or encrypt files for ransom.

What you should do

  • Do not expose RDP directly to the internet
  • Require users to connect through a VPN or use a Remote Desktop Gateway
  • Enable Network Level Authentication (NLA) to require authentication before a session is established
  • Use multi-factor authentication for all RDP access
  • Keep Windows systems patched against known RDP vulnerabilities
  • Monitor for failed login attempts and lock accounts after repeated failures

Port 3306: MySQL

Open MySQL port detected on a publicly accessible host.

Port 5432: PostgreSQL

Open PostgreSQL port detected on a publicly accessible host.

On this page

What is RDP?Why this is a problemWhat you should do