[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.
11/05/2009 at 09:12AM PST, ID: 24875187 | Points: 500
[x]
Attachment Details

Auto IP block based in event id viewer

Asked by jefersonsv in Windows Server 2008, Proxy/Firewall Anti-Virus, Internet Security

Tags: ip, firewall, block, windows server 2008, event, viewer, server, windows, 2008

I would like to block an IP in the firewall windows 2008 server, if my event viewer announce 10 unsuccessful attempts to login.

Detailing the issue.

My event viewer always shows brute force attempts to access the RDP (login: administrator, alpha, 1administrator), Sql Server 2008 (login: sa), etc..
As the attached screenshot you can see that every second the User IP: 66.36.xxx.xxx is trying by brute force, access my server with the sa login, and several consecutive invalid passwords.
In this case, I manually have to add this IP to my firewall rule of the windows, which I called "Hacker Attack".

My question is, how do I get this IP is attacking me by brute force, to enter the IP block list in my rule, "Hacker Attack" on my firewall windows 2008 server?

I like to do this automatically, every 10 invalid login attempts on the server.
[+][-]11/06/09 02:47 AM, ID: 25758024

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]11/06/09 07:22 AM, ID: 25759851

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20091111-EE-VQP-91 - Hierarchy / EE_QW_3_20080625