UDP 88
Synopsis
- Kerberos v5 uses UDP port 88 for KDC requests (AS/TGS exchanges).
- Microsoft Active Directory domain controllers (Windows Server) listen on UDP 88 for Kerberos, serving Windows clients and services that use AD authentication.
- MIT Kerberos and Heimdal KDCs on Unix/Linux (including FreeIPA/Red Hat IdM) use UDP 88 for Kerberos; Samba AD Domain Controller also listens on UDP 88.
- Managed directory offerings such as Azure Active Directory Domain Services and AWS Managed Microsoft AD expose Kerberos on UDP 88.
- Xbox Live requires port 88 (UDP) to be open on routers for console connectivity on Xbox One/Series X|S and Xbox 360.
- Security: Kerberos on UDP 88 has been abused for DDoS amplification/reflection and is involved in AD attacks like Kerberoasting and AS-REP roasting when KDCs are exposed to the internet.
Observed activity
Last 30 days
Detailed chart