domain controller attempted hack after router rollout

We just had a Cisco tech roll out a 1721 router. Since then we are having hack attempts that I can trace back to Austria. They are using valid domain accounts (I have a three try and you're out policy) and my accounts keep getting locked out. Any ideas? (I have created a local IP policy to block the offenders, but obviously this would be a never-ending game).
bingboo Asked:
0xSaPx0 Commented:
Yes, buy and install a firewall or configure ACLs on your router. There is no reason anyone on the internet should be able to access your server to authenticate via Kerberos or any other standard authentication method.

- SaP -
0

makana Commented:
As 0x said, get a good firewall from Cisco, configure it the way you want and give it a good, long password. You can, however, get ISA Server (this is software) that has proved so good for firewall purposes.
0
maxinglis Commented:
Sounds like the router is just poorly configured - there shouldn't be much being passed to your local network from the internet. If it's meant to provide remote access to another site, the VPN tunnel isn't configured right. If it's meant to provide remote access for users working from home or off-site, then it again sounds misconfigured, because communications via the VPN client should be secured.

I think you need to get the Cisco tech back and whoop his butt.
0
0xSaPx0 Commented:
If you have it, you can post the router configs (minus the enable secret and enable password lines) and we can take a look at it to get a better idea how it was set up.

- SaP -
CISSP, CCNA, CCDA, MCSE, CCA, CNA
Security+, Server+, Network+, A+, I-Net+
0
bingboo (Author) Commented:
I will grab the config. tomorrow morning and publish here. Thanks!
0
maxinglis Commented:
Might be prudent to xxx out the first couple octets of any public IP addresses listed as well :)

Max.
0
bingboo (Author) Commented:
Hi -
Okay, we had a different tech come in and lock everything down. Looks like we are good. We have a Win2000 software VPN off of our DC. I was under the impression that all that needed to be passed through the router was port 1721 (we took all of the defaults in setup). On the clients we get to the point where it says verifying user id and then get a no response error - so I am assuming that it is trying to come back with a high port and waiting for the client who is then blocked trying to come back through the high port? Or am I completely off on this one? Either way, can't VPN in. Any ideas?
Thx.
0
bingboo (Author) Commented:
Sorry, meant port 1723.
0
bingboo (Author) Commented:
K - I think I might have found it --- port 47 GRE - if I open that as well, will I be all set?
0
bingboo (Author) Commented:
K - just looked a bit more into this and it is protocol 47 GRE, not port 47 - so I only need port 1723 (no high ports?) - and how do I verify that GRE is enabled on the Cisco 1721?
0
bingboo (Author) Commented:
Ran pptpclnt on local LAN machine while running pptpsrv on server. Success. Ran pptpclnt on client outside of LAN, pptpsrv did not respond. So my router is most def. not passing GRE to my VPN server. P.S. The whole reason I had to pull in a Cisco tech is that I know abs. nothing about Cisco 1721, so if someone could be as descriptive as possible on how to verify GRE on the router, and if not passing, how to do so.
0
bingboo (Author) Commented:
Sorry for the long delay. Been in and out of the hospital as my wife just gave birth to my first son. :-)
Created the access lists and I am good. Also using new Cisco guy.
Sorry again.
0
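The point the thread arrives at (PPTP needs TCP port 1723 plus IP protocol 47, GRE, and a rule for TCP port 47 does not match GRE) can be checked with a small first-match ACL evaluator. This is an added example, not posted by anyone in the thread; the ACL lines, the documentation addresses and the function names are constructed, and only a simplified subset of extended ACL syntax is parsed.

```python
import re

# Constructed sample ACLs in a simplified subset of Cisco extended ACL syntax.
# 192.0.2.10 (VPN server) and 198.51.100.7 (client) are documentation addresses.
ACL_PORT_47 = """\
access-list 101 permit tcp any host 192.0.2.10 eq 1723
access-list 101 permit tcp any host 192.0.2.10 eq 47
"""
ACL_PROTO_47 = """\
access-list 101 permit tcp any host 192.0.2.10 eq 1723
access-list 101 permit gre any host 192.0.2.10
"""
RULE = re.compile(r"access-list \d+ (permit|deny) (\w+) (any|host \S+) "
                  r"(any|host \S+)(?: eq (\d+))?$")

def parse_acl(text):
    """Parse 'access-list N action proto src dst [eq port]' lines into rules."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto, src, dst, port = m.groups()
        rules.append((action, proto, src.split()[-1], dst.split()[-1],
                      int(port) if port else None))
    return rules

def permits(rules, proto, src, dst, dport=None):
    """First matching rule decides; no match means the implicit deny applies."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue  # a 'tcp ... eq 47' rule never matches a GRE packet
        if r_src not in ("any", src) or r_dst not in ("any", dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action == "permit"
    return False

def pptp_check(acl_text, client="198.51.100.7", server="192.0.2.10"):
    """Report which flows from an outside client the ACL lets through."""
    rules = parse_acl(acl_text)
    return {
        "control_tcp_1723": permits(rules, "tcp", client, server, 1723),
        "data_gre": permits(rules, "gre", client, server),
        "kerberos_tcp_88": permits(rules, "tcp", client, server, 88),
    }
```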
Networking


Question has a verified solution.
