Re: How do I block a single IP address from logging on as Administrator?



Yes, it's not an IIS attack. Would the firewall in Windows Server 2003 SP2
be adequate?

Thanks.


"Chris M" <nobody@xxxxxxxxxxxxxxx> wrote in message
news:fga16s$2ku$1@xxxxxxxxxxx
> Mike Thompson wrote:
>> I have been running a public web server for 10 years, now running Windows
>> 2003 Server, and I've just encountered (for the first time) an ISP who
>> cannot or will not stop hack attacks coming from one IP address in his
>> center. The hacker tries to log on as Administrator, and his activity is
>> logged in the Security Log. This has happened repeatedly over the last
>> several months, and I've talked to the ISP by phone numerous times, but
>> no action.
>>
>> Is there a way to block a single IP address from logging on to Windows
>> 2003 Server (SP1)? This is not an IIS issue, it's a Windows Server
>> issue, as the attacker is not trying to log onto the website, he is
>> trying to log on to the server as Administrator.
>
> How is the attacker actually trying to log on to the server? Not Remote
> Desktop surely?
>
> If the logon failures are not coming from IIS (via integrated
> authentication) then you have a deeper problem - your server isn't
> correctly firewalled. These logon attempts from an untrusted IP address
> should never even reach your server in the first place.
>
> --
> Chris.

