Hacking attemps all occuring at same time.

Posted on 2005-04-21
Last Modified: 2013-12-04
Can anyone let me know what type of an attack would have 10 or 8 logon attempts all occuring at the exact same time.

The last 2 nights I have had security logs at about 1:00am with 10 attempts on the administrator account all logged at the same time, then last night, same thing.  

What type of attack is this?

(FYI We are using a SBS2003 server with symantec VPN firewall and the administrator account has been renamed.)  
Question by:Frank2005
    LVL 12

    Assisted Solution

    If none of them were successful - you're probably getting scanned from the Internet -
    They're looking for "vulnerable" servers.
    Make sure you have "strong" passwords.
    Just off the top of my head, though.

    LVL 6

    Expert Comment

    Also try going through this document. It works on 2003 as well.


    Good luck and stay secure.

    LVL 16

    Accepted Solution

    only 8 or 10 attempts doesn't really classify as a 'brute force' attack! :)

    these attacks were against the SBS server? How did they get to it through your firewall? What rules on the FW would allow someone to directly access the server? IMO, it should only really be necessary have inbound port 25 to your mail server, and not much else.

    Also, do you have account lockout enabled? That would slow down any sort of automated login attempts.
    LVL 2

    Author Comment

    3389 most likely...
    strong password, no "Administrator" accout, lockout after 4, port 25, 80, 110, 443, 3389
    Thanks for the input!
    LVL 16

    Expert Comment

    yes, tcp port 3389 is for terminal server...I would be very wary of opening terminal server to the Internet. OK, I just woudn't do it. If you need to remotely admin the server, VPN in, and then start a terminal session.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
    This is a short article about OS X KeRanger, and what people can do to get rid of it.
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now