• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 161
  • Last Modified:

Hacking attemps all occuring at same time.

Can anyone let me know what type of an attack would have 10 or 8 logon attempts all occuring at the exact same time.

The last 2 nights I have had security logs at about 1:00am with 10 attempts on the administrator account all logged at the same time, then last night, same thing.  

What type of attack is this?

(FYI We are using a SBS2003 server with symantec VPN firewall and the administrator account has been renamed.)  
2 Solutions
If none of them were successful - you're probably getting scanned from the Internet -
They're looking for "vulnerable" servers.
Make sure you have "strong" passwords.
Just off the top of my head, though.

Also try going through this document. It works on 2003 as well.



Good luck and stay secure.

only 8 or 10 attempts doesn't really classify as a 'brute force' attack! :)

these attacks were against the SBS server? How did they get to it through your firewall? What rules on the FW would allow someone to directly access the server? IMO, it should only really be necessary have inbound port 25 to your mail server, and not much else.

Also, do you have account lockout enabled? That would slow down any sort of automated login attempts.
Frank2005Author Commented:
3389 most likely...
strong password, no "Administrator" accout, lockout after 4, port 25, 80, 110, 443, 3389
Thanks for the input!
yes, tcp port 3389 is for terminal server...I would be very wary of opening terminal server to the Internet. OK, I just woudn't do it. If you need to remotely admin the server, VPN in, and then start a terminal session.

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now