Re: Maximum Logon Attempts




"limelight" <limelight@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DC58E051-56C6-4CF1-8852-471F48E5F005@xxxxxxxxxxxxxxxx

My question is, does anyone know if there is a way to configure IIS so
that an FTP connection is closed after a set number of failed logon
attempts?
It seems crazy to allow the hacker to just keep plugging away.
Unfortunately, the source address keeps changing, so blocking the address
at the firewall is no good.

No, Windows does not have such an ability natively. Most such solutions
would I think have to rely on the source IP to prevent the person from
immediately re-establishing a new session, which of course wouldn't help
make your logs very much shorter.

Additionally, the source address for the legitimate company is also
dynamic, so the preferred solution of locking everyone out except for the
one company is also not feasible.

Well, you could set up a VPN or IPSec tunnel so that only they can
get in. For example, an IPSec tunnel where client certificates are required
to identify the client computer.

You could also disable or rename the Administrator account, so that any such
log entries about administrator won't concern you as much.

Other than this, most people with public FTP servers have to put up with
this sort of noise. It's harmless to you, as long as you have strong
passwords.
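
An added example, not part of the original post: since the source address keeps changing, this sketch counts failed FTP logons by targeted account and by session rather than by IP alone. It assumes IIS FTP W3C logging with the fields `time c-ip cs-method cs-uri-stem sc-status`; the log lines are constructed and the name `summarize` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample; assumed field layout is given in the #Fields line.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
02:10:01 198.51.100.7 [41]USER Administrator 331
02:10:01 198.51.100.7 [41]PASS - 530
02:10:02 198.51.100.7 [41]USER Administrator 331
02:10:02 198.51.100.7 [41]PASS - 530
02:10:03 198.51.100.7 [41]USER Administrator 331
02:10:03 198.51.100.7 [41]PASS - 530
02:11:15 203.0.113.20 [42]USER Administrator 331
02:11:15 203.0.113.20 [42]PASS - 530
02:30:00 192.0.2.55 [43]USER partner 331
02:30:01 192.0.2.55 [43]PASS - 230
"""

# time, client IP, [session id]VERB, argument, FTP status code
LINE = re.compile(r"^(\S+) (\S+) \[(\d+)\](\S+) (\S+) (\d{3})$")

def summarize(log_text, max_attempts=3):
    """Return (failures per user, source IPs per user, sessions at/over limit)."""
    pending = {}            # (ip, session) -> user named by the last USER command
    per_user = Counter()    # failed logons per targeted account
    per_session = Counter() # failed logons per (ip, session)
    ips_per_user = {}       # distinct source addresses seen per account
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip #directives and malformed lines
        _time, ip, session, verb, arg, status = m.groups()
        key = (ip, session)
        if verb.upper() == "USER":
            pending[key] = arg.lower()
        elif verb.upper() == "PASS" and status == "530":  # 530 = not logged in
            user = pending.get(key, "<unknown>")
            per_user[user] += 1
            per_session[key] += 1
            ips_per_user.setdefault(user, set()).add(ip)
    noisy = sorted(k for k, n in per_session.items() if n >= max_attempts)
    return per_user, ips_per_user, noisy

if __name__ == "__main__":
    users, ips, noisy = summarize(SAMPLE_LOG)
    for user, count in users.most_common():
        print(f"{user}: {count} failed logons from {len(ips[user])} addresses")
    print("sessions at or over the limit:", noisy)
```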

