Posted by S. Pidgorny on August 1, 2007, 5:11 pm
There is a way - reconfiguring connectivity through the firewall to avoid
the NAT that you use - but what is the point? Blocking IPs isn't an effective way to
counter the threat.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
> I have RDP on a Server2K3 accessible from the Internet. Occasionally I
> see dictionary attacks in the security logs, about 30 to 40 logon
> attempts in a period of a couple of minutes, using some common logon
> IDs (administrator, admin, etc.). Since the attacks are coming from
> outside the firewall (hardware), the event log does not show the IP
> address. Any way to capture this so that I can block these folks at
> the firewall?
>
> I've been able to successfully block some east Asian IP addresses from
> getting through on FTP and suspect they are the same ones trying to
> hack RDP.
>
> FWIW, administrator account is renamed and not used for general
> administrative access. The server, always kept up to date with service
> packs, has never been hacked but these folks are mildly persistent (so
> far).
>
> TIA
>
> Mike