Port 3389 (RDP)

TCP

Remote Desktop Protocol — RDP listens on port 3389 by default. It can be changed via Windows Registry or Group Policy.

What is Port 3389?

Port 3389 is the default port for RDP (Remote Desktop Protocol), Microsoft's proprietary protocol for remote graphical desktop access to Windows systems. RDP allows users to control a remote computer as if they were sitting in front of it.

RDP on port 3389 provides full graphical desktop access, including support for audio, clipboard sharing, printer redirection, and multi-monitor setups. The protocol uses TLS encryption for session security and supports Network Level Authentication (NLA) for pre-session authentication.

Port 3389 is one of the most targeted ports by attackers for brute-force and credential stuffing attacks. The BlueKeep vulnerability (CVE-2019-0708) demonstrated the severity of RDP security issues. Always use NLA, strong passwords, and ideally access RDP through a VPN rather than exposing port 3389 to the internet.

Port 3389 Security

RDP on port 3389 is one of the most attacked ports on the internet. It has been the entry point for numerous ransomware attacks (Ryuk, Dharma, SamSam) and brute-force campaigns. The BlueKeep vulnerability (CVE-2019-0708) allowed remote code execution without authentication.

Never expose port 3389 directly to the internet. Use a VPN or RD Gateway for remote access. Enable Network Level Authentication (NLA), enforce strong passwords, implement account lockout policies, and keep Windows systems patched. Consider using multi-factor authentication for RDP access.

How to Check Port 3389

To check if port 3389 is open on a remote host, use nmap: 'nmap -p 3389 hostname'. For a quick TCP connection test, use: 'telnet hostname 3389' or 'nc -zv hostname 3389'. On Windows PowerShell, use: 'Test-NetConnection -ComputerName hostname -Port 3389'.

To check if port 3389 is listening on your local machine, use: 'netstat -tlnp | grep 3389' on Linux, or 'ss -tlnp | grep 3389'. On Windows, use: 'netstat -an | findstr 3389'. For a comprehensive scan, use: 'nmap -sV -p 3389 hostname' to detect the service version running on the port.
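The commands above only show that the port answers. As an added example (not part of the original page), the Python sketch below goes one step further and checks whether a host you administer enforces NLA: it offers only standard RDP security in the initial X.224 negotiation and classifies the reply. Function names and sample replies are constructed for illustration; the byte layout and codes follow Microsoft's published RDP negotiation format.

```python
import socket
import struct

# Constants from the RDP negotiation exchange (MS-RDPBCGR).
PROTOCOL_RDP = 0x0               # standard RDP security only: no TLS, no NLA
SSL_REQUIRED_BY_SERVER = 0x1     # failure code: server insists on TLS
HYBRID_REQUIRED_BY_SERVER = 0x5  # failure code: server insists on CredSSP (NLA)

# Constructed sample replies (not captured traffic) for offline use.
SAMPLE_NLA_REPLY = bytes.fromhex("03000013" "0ed00000123400" "0300080005000000")
SAMPLE_LEGACY_REPLY = bytes.fromhex("0300000b" "06d00000123400")

def build_request(requested_protocols):
    """TPKT header + X.224 Connection Request + RDP_NEG_REQ (19 bytes)."""
    neg = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)
    x224 = bytes([6 + len(neg), 0xE0, 0, 0, 0, 0, 0]) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def parse_response(data):
    """Return ('selected', proto), ('failure', code) or ('legacy', None)."""
    if len(data) < 11 or data[0] != 3 or data[5] >> 4 != 0xD:
        raise ValueError("not an X.224 Connection Confirm")
    if len(data) < 19:
        return ("legacy", None)  # no negotiation block in the reply
    kind, _flags, _length, value = struct.unpack_from("<BBHI", data, 11)
    if kind == 0x02:
        return ("selected", value)
    if kind == 0x03:
        return ("failure", value)
    raise ValueError("unknown negotiation block type 0x%02x" % kind)

def nla_verdict(data):
    """Classify the reply to a request that offered PROTOCOL_RDP only."""
    kind, value = parse_response(data)
    if kind == "failure" and value == HYBRID_REQUIRED_BY_SERVER:
        return "NLA required"
    if kind == "failure" and value == SSL_REQUIRED_BY_SERVER:
        return "TLS required"
    if kind == "failure":
        return "refused, failure code %d" % value
    return "standard RDP security accepted"

def check_host(host, port=3389, timeout=5.0):
    """Send the probe to a host you administer and classify its reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(PROTOCOL_RDP))
        return nla_verdict(sock.recv(1024))

if __name__ == "__main__":
    print(nla_verdict(SAMPLE_NLA_REPLY))
```

Any result other than "NLA required" means the host completed or offered a session setup without pre-session authentication, so the NLA setting on that host should be reviewed.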

Frequently Asked Questions

What is port 3389 used for?

Port 3389 is the default port for Remote Desktop Protocol (RDP). It is used for RDP communication over TCP.

Is port 3389 TCP or UDP?

Port 3389 uses TCP. TCP is used because RDP requires reliable, ordered data delivery.

Should port 3389 be open?

Port 3389 should only be open if you are actively running RDP. Close unused ports to reduce your attack surface. If needed, restrict access to trusted IP addresses using firewall rules.

How do I check if port 3389 is open?

Use 'nmap -p 3389 hostname' to scan remotely, or 'netstat -tlnp | grep 3389' to check locally on Linux. On Windows, use 'Test-NetConnection -ComputerName hostname -Port 3389' in PowerShell.

How do I secure port 3389?

Secure port 3389 by restricting access with firewall rules, using encryption (TLS/SSL) where supported, keeping RDP updated, using strong authentication, and monitoring for unauthorized access attempts.
