Frank2005
asked on
Hacking attemps all occuring at same time.
Can anyone let me know what type of an attack would have 10 or 8 logon attempts all occuring at the exact same time.
The last 2 nights I have had security logs at about 1:00am with 10 attempts on the administrator account all logged at the same time, then last night, same thing.
What type of attack is this?
(FYI We are using a SBS2003 server with symantec VPN firewall and the administrator account has been renamed.)
The last 2 nights I have had security logs at about 1:00am with 10 attempts on the administrator account all logged at the same time, then last night, same thing.
What type of attack is this?
(FYI We are using a SBS2003 server with symantec VPN firewall and the administrator account has been renamed.)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
3389 most likely...
strong password, no "Administrator" accout, lockout after 4, port 25, 80, 110, 443, 3389
Thanks for the input!
strong password, no "Administrator" accout, lockout after 4, port 25, 80, 110, 443, 3389
Thanks for the input!
yes, tcp port 3389 is for terminal server...I would be very wary of opening terminal server to the Internet. OK, I just woudn't do it. If you need to remotely admin the server, VPN in, and then start a terminal session.
http://secureconditions.com/articles/NetworkSecurityGuidelinesNSA.pdf
Regards,
Good luck and stay secure.
CJ