Reminder: If you've moved RDP to a non-standard port and opened it up to the outside world thinking that'll be safe, think again. Attackers are actively looking for RDP on alternate ports. In the past 24 hours alone, I've logged 110+ hosts attempting RDP auth on 11,850+ ports.

What’s weird to me is that I don’t see similar scanning for SSH on alternate ports.

Agreed. I suppose the RDP hackers just have a bit more gumption than the SSH crew... Gotta like bad guys with ambition.

I suppose we haven’t had an SSH remote exploit for a while. The same cannot be said of RDP.

Oh sure... I'm trying to whip up some bad blood between RDP hacker crewz and SSH hacker crewz over "lack of initiative," and you have to go ruin it with logic.

FYI: I just went and checked on this assumption. Of the 40,000+ identifiable SSH auth attempts I've recently seen, ALL have been against port 22 No SSH love on non-standard ports.

Well... I messed up. I found that I was missing some SSH authentication attempts and I've seen SSH attempts on the non-standard ports shown. I sincerely apologize for calling the SSH hackerz lazy. Note: 91 total auth attempts on non-standard ports vs. 40,000+ on 22/TCP