Quetzal
asked on
Someone trying to hack my server
I'm getting suspicious security audit failures from an off-network workstation plugging away at various usernames. I suspect that this are attempts being made through administrative TS sessions. How do I trap this varmint?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Cooperation is a beautiful thing. Were you being hacked or lambasted by worms?
-Eric
-Eric
ASKER
Wormed. Persistant, methodical variations of standard ports and accounts. My client does not really want to pay for someone to invest the time to track down the offenders. I'm thinking of moving RDP and POP3 to non-standard ports. I think I will open another thread to talk about how the firewall on my router is configured.
ASKER
In fact I did open another thread in case you all want to follow it there:
https://www.experts-exchange.com/questions/20820439/Best-way-to-filter-worm-attacks-from-my-Netopia-R9100.html
https://www.experts-exchange.com/questions/20820439/Best-way-to-filter-worm-attacks-from-my-Netopia-R9100.html
ASKER