|
Posted by Steven L Umbach on August 14, 2005, 8:38 pm
Please log in for more thread options
Your best bet would be to configure your firewall to block the IP
addresses/IP range that you want to block. Since you are getting a lot of
attacks on your administrator account make sure that your server is not
offering services to internet that it should not be such as for file and
print sharing. At least the external adapter should have file and print
sharing and netbios over tcp/ip disabled and for all network adapters if not
needed. For a quick vulnerability scan go to a self scan site such as
http://scan.sygatetech.com/ . Run the Microsoft Baseline Security Analyzer
on your server and if it is Windows 2000 be sure to run the IIS
Lockdown/URLscan tool after backing up your server including the IIS
configuration. The anonymous logon events are for null sessions that the
operating system commonly uses for file and print sharing/browse list.
Disabling file and print sharing/netbios over tcp/ip should make them go
away if they are not needed. There are options in security policy to
restrict anonymous access. The links below may help. --- Steve
http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
http://www.microsoft.com/technet/security/tools/locktool.mspx --- IIS
Lockdown/URLScan
http://www.microsoft.com/technet/security/prodtech/WebServices.mspx ---
TechNet Security for web services
http://support.microsoft.com/?kbid=246261 --- restrict anonymous in Windows
2000 with description of ramifications of.
>I have a server hosting my and few other websites 24/7. I'm logging on
>remoty to the server. In the last couple of days I had 100's of entries in
>my Event Viewer/Security where someone was truing to logon and guess the
>administrator password. Is there any way of protecting my self against that
>kind of attack?
>
>
>
> Q1) How to block other country IP addresses from logging on to a server (a
> logon to the server will only be allowed for example only from Germany)?
> But enable all the other services like http, mail, sql. to be accessed
> world wide.
>
>
>
> Q2) Is there a software (or is windows server 2003 capable of) that will
> temporary block an IP address for x amount of hours or day if it finds
> that someone is truing to guess a password (for example; after 3 attempts
> to logon it will block the IP address for 3days insted of blocking the
> user account)
>
>
>
> Q3) How to disable anonymous logon??
>
> In my Event Viewer / Security sometimes I have the following entry:
>
> Success Audit [date] [time] Security Logon/Logout 540
> ANONYMOUS LOGON [server name]
>
> Followed by a logout entry the same time
>
>
>
> Does the above event in my event Viewer represents a successfull logon as
> an anonymous logon?
>
> My guest account on that server is disabled.
>
>
>
>
>
> Tanks,
>
> Regards,
>
>
>
| 
XML Sitemap