  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 263

Windows Server 2000, 2003 -- How do I block lots of login attempts?

I run Windows 2000 Server and Windows 2003 Server on two systems. I regularly get thousands of FTP login attempts guessing passwords for "Administrator" or some other common username. They come in on different IP addresses. I renamed the common usernames so there is little chance of a security breach, but I don't like wasting the bandwidth and filling up the event log. How can I block this?
0
Asked: oxygen_728
1 Solution
 
Lee W, MVP, Technology and Business Process Advisor, Commented:
Shut down FTP.  It's insecure anyway.  Why do you need it?
0
 
oxygen_728 (Author) Commented:
It's easy to use and I like it. I just need to know how to block these repeat login attempts.
0
 
Lee W, MVP, Technology and Business Process Advisor, Commented:
You can't.  Decide - do you want to make things easy on you AND the attackers, or would you prefer to do things in a more secure manner, such as using a web or SharePoint site, VPN, etc.?
0
 
oxygen_728 (Author) Commented:
Can I write a script that executes when an IP address has executed X number of login attempts over Y minutes that automatically rejects any connection attempts by that IP?

0
 
Andrew Davis, Manager, Commented:
No.
What you can do is look at the countries that the IPs come from and then block those IP ranges at your router. However, this will also affect mail that may come from these sources. E.g., I had an attempt from 80.87.80.81, and when I check that with http://www.arin.net/whois/ it tells me that it is from Amsterdam, and the ISP has allocated 80.0.0.0 - 80.255.255.255, so knowing that I have no need for any info from them, at the router I could create a firewall rule to block that range.

That said, the above comments are more correct, and depending on your network, if you start blocking ranges then you may affect other services, unless your router allows you to block only certain ranges with certain ports.
0
 
oxygen_728 (Author) Commented:
Can I at least keep my logs from filling up with these duplicate attempts? There are thousands from the same IPs.
0
 
Andrew Davis, Manager, Commented:
No, not without filtering out all those types of attempts, which you will need if something goes wrong. If they are from the same IPs, then it should be simple to block those IPs at the router.

No point just burying your head in the sand.
0
 
oxygen_728 (Author) Commented:
I didn't understand your last comment very well Andrew, could you please rephrase?

Thanks for your time
0
 
Andrew Davis, Manager, Commented:
What, "No point just burying your head in the sand"?
It means treating it like "if I can't see it, then it's not happening."
0
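The check the asker describes (X failed logins from one IP within Y minutes) can be written as detection logic over the FTP log, producing the list of addresses to consider blocking at the router. The Python below is an added example, not part of the original thread; the log layout, the sample lines and the function names `parse_failures` and `offenders` are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines, not from a real server. Assumed layout:
# date time client-ip command reply-code ("PASS ... 530" = failed login).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method sc-status
2006-03-01 02:10:00 203.0.113.7 USER 331
2006-03-01 02:10:01 203.0.113.7 PASS 530
2006-03-01 02:10:03 203.0.113.7 PASS 530
2006-03-01 02:10:05 203.0.113.7 PASS 530
2006-03-01 02:15:00 198.51.100.20 PASS 530
2006-03-01 02:15:20 198.51.100.20 PASS 230
2006-03-01 02:00:00 192.0.2.44 PASS 530
2006-03-01 02:20:00 192.0.2.44 PASS 530
2006-03-01 02:40:00 192.0.2.44 PASS 530
"""

def parse_failures(lines):
    """Yield (timestamp, ip) for each failed login (PASS answered with 530)."""
    for line in lines:
        parts = line.split()
        if line.startswith("#") or len(parts) != 5:
            continue  # header, blank or malformed line
        date, time, ip, command, code = parts
        if command.upper() != "PASS" or code != "530":
            continue  # not a rejected password
        try:
            ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # unparseable timestamp
        yield ts, ip

def offenders(lines, max_attempts, window_minutes):
    """Return {ip: time the threshold was first reached}, sliding window per IP."""
    window = timedelta(minutes=window_minutes)
    recent, flagged = defaultdict(deque), {}
    for ts, ip in sorted(parse_failures(lines)):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_attempts:
            flagged.setdefault(ip, ts)
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG.splitlines(), 3, 5).items():
        print(f"{ip}: 3 failed logins within 5 minutes, reached at {when}")
```

With a 5-minute window only the rapid guesser is listed; the address failing once every 20 minutes appears only when the window is widened, which is the trade-off in choosing X and Y.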
