I have a windows 2000 domain controller that is also running a web server and an ftp server.
some character keeps performing a brute force attack to my ftp server with the administrator user and just trying to guess the password.
I need to configure policies to
-- audit these attacks in the event viewer
-- block the attacker from connecting to the server for 30 minutes (without locking down the administrator user.)