Network Intrusion Question

Hello All,

I opened up port 3389 on my router because I remote into my computer frequently when not at home. I checked network intrusions and noticed a source IP from Bulgaria was allowed on source port 3389 and dest. 3389. Could someone have possibly used remote desktop to get on my computer, scanned ports? The application was svchost.exe. Any assistance is appreciated.

Thanks

Potentially yes. It depends on what RDP application you’re using. I’m going to assume it’s Windows RDP, as that would explain the svchost.exe since that is the host process for the Remote Desktop Service in Windows. You’ll want to make sure you have the latest RDP hotfixes installed.

Personally I’d use a different program than Windows RDP. One that doesn’t require a port always open.
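
One way to check whether anyone actually logged on over Remote Desktop is to read the Windows Security log on the exposed PC. This is an added example, not code from the thread. It assumes logon auditing is enabled, an elevated PowerShell prompt, and a 30-day look-back window.

```powershell
# Added example: summarise RDP-relevant logons by source address.
# Run from an elevated PowerShell prompt on the PC that has 3389 forwarded to it.
$since = (Get-Date).AddDays(-30)          # assumed look-back window

# Security log: 4624 = successful logon, 4625 = failed logon.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4624, 4625; StartTime = $since
} -ErrorAction SilentlyContinue

$logons = foreach ($e in $events) {
    # Flatten the event's named data fields into a hashtable.
    $data = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$n.Name] = $n.'#text'
    }
    # LogonType 10 = RemoteInteractive (an RDP session).
    # LogonType 3 = network logon, which is how NLA pre-authentication
    # (and also file sharing) is recorded, so treat those rows as leads only.
    if ($data['LogonType'] -notin '3', '10') { continue }
    # Skip local and empty source addresses.
    if ($data['IpAddress'] -in $null, '', '-', '127.0.0.1', '::1') { continue }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Result    = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
        LogonType = $data['LogonType']
        User      = $data['TargetUserName']
        SourceIP  = $data['IpAddress']
    }
}

# One row per source address / outcome / logon type / account.
$logons |
    Group-Object SourceIP, Result, LogonType, User |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'First'; e = { ($_.Group | Sort-Object Time | Select-Object -First 1).Time } },
        @{ n = 'Last';  e = { ($_.Group | Sort-Object Time | Select-Object -Last 1).Time } } |
    Format-Table -AutoSize
```

A `Success` row with logon type 10 from an address you do not recognise means someone completed an RDP logon. Many `Failure` rows from one address point to password guessing against the open port.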