It's only a matter of time; find & patch your RD Gateway systems ASAP.
All the @shodanhq dorks I have to find them are below.
https://beta.shodan.io/search?query=http.html%3AtdDomainUserNameLabel …
https://beta.shodan.io/search?query=RDWeb …
https://beta.shodan.io/search?query=TSWAFeatureCheckCookie …
https://beta.shodan.io/search?query=path%3D%2FRDWeb%2F …
https://twitter.com/MalwareTechBlog/status/1217433253096779776 …
-
Correct; detections aren't 100% since RD Gateway runs on UDP/3391 and neither @shodanhq nor @binaryedgeio scan for that port. RDWeb is commonly running on RD Gateway servers so this is the best detection I could come up with.
-
The vulnerability can still be triggered via TCP/443 though, right? That is, even though it's also listening on UDP/3391, that may not matter? I would assume that the latter is usually firewalled off anyway.