windows server 2003/DC/AD--Exchange Server 2003-- XP Clients
I was reviewing my event logs the other day and I noticed some failed audits. When I looked at these audits they are from workstations that are not apart of my network and public ip address that I haven't seen before. From doing research I think it is possible that we may be getting attacked by the iraqi oil worm. Based on some other articles, They mention that port 445 should be blocked to stop the attack.
Can anyone tell me how to block a port and any other sugestions to stop this attack.