Re: Failed Login Attempts-Non Existent Accounts

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/25/05 

Date: Thu, 24 Mar 2005 23:50:25 -0600

First I would make sure that your firewall is correctly configured and that
the server is properly hardened in that unnecessary services are disabled.
MBSA can help you with that and keep in mind that file and print sharing
should be disabled on servers that do not need it and all external network
adapters. If you have file and print sharing ports exposed to the internet
you certainly will get hit with a lot of brute force password attacks. If
you deny the IP address at your firewall device it should not degrade the
server's performance. You might be able to use performance monitor to alert
you is failed logon attempts go beyond a threshold you define. --- Steve

http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
http://scan.sygatetech.com/ --- check your firewall here [basic check]

"JM_Metal" <JMMetal@discussions.microsoft.com> wrote in message
news:FFE8407F-4CFD-4E15-838E-65F2F1551157@microsoft.com...
> Hi All,
>
> We have a W2K3 server getting hit with login attempts to acounts that do
> not
> exist (ex: admin) on the server (brute force DOS attempts maybe). I can
> deny
> access when I see the IP address of the offender, but performance is
> degrading during the attack. Is there a util that will report via e-mail
> or
> pager when an login attempt hits a pre-defined threshold, or shut them out
> immediatly?
>
> I have policies in place to limit failed login attempts for legit
> accounts.
> I could not find any native windows functions for this. Any help is
> greatly
> apprciated.
>
> Thanks,
> Jeff
>

Relevant Pages

  • Re: [Fedora] Seeing input on Securing the Linux system from intrusions and attacks.
    ... during initial setup phase, this firewall remains until updates are all ... That's true on XP Professional and on Server 2003... ... Server allows two concurrent logins; presumably one can login as a mere mortal and use RDP to connect as an administrator; I simply connect as an administrator from my Linux box. ...
    (Fedora)
  • Re: too many illegal connection attempts through ssh
    ... > attempts to login to my server from a suspicious ... enough to stop these bulk attacks on my server. ... a combination of firewall & alternative sshd port. ... I suppose you're familiar enough with firewall rules. ...
    (freebsd-questions)
  • Re: Slow login to server
    ... when I try to login to the server, ... This product added a firewall service. ... firewall related services and set their startup to manual. ...
    (microsoft.public.windows.server.general)
  • SMB and XP
    ... I have several XP boxes connecting to 2000 Server. ... but when he tries to login it asks for the login again and again and again. ... His firewall is turned off on his side. ...
    (microsoft.public.windowsxp.network_web)
  • Re: CEICW fails at firewall config
    ... Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS server? ... Do you have 2 NICs in the SBS? ... CEICW fails on firewall configuration every time. ... >>> Call to Creating the protected networks access rule returned ok. ...
    (microsoft.public.windows.server.sbs)