TCP 33389
Synopsis
- TCP 33389 is commonly seen as an alternate port for Microsoft Remote Desktop Protocol (RDP) when administrators change the default 3389 on Windows Remote Desktop Services (e.g., Windows Server 2016/2019/2022).
- Linux RDP servers like xrdp are also frequently configured in the wild to listen on 33389 instead of 3389.
- Managed service providers and hosting setups often port-forward public 33389 to internal RDP to reduce noise from default-port scans.
- Because it’s used as a non-default RDP port, threat actors routinely scan and brute-force 33389; some intrusions relocate RDP to 33389 to evade basic detections, and any RDP vulnerabilities apply regardless of the port.
- In short, real-world sightings of 33389 are overwhelmingly RDP services running on a non-standard port.
Observed activity
Last 30 days
Detailed chart