Currently, at least 5 times a week for about 8 hours, my server is being pounded with login attempts that fail. The thing is that the logins are all from IP addresses in China (from which I have no users) and they are all generic names like "Sally" or "John" with failed passwords.
Sure, they haven't gotten in to my server yet, but it has to be slowing down my server. Just the time it takes to write the number of events that have occured in the event logs is going to slow down my server.
So, I want to be able to completely ignore any traffic on any port from any IP address from which more than one invalid user name attempts to login.Is this a hardware thing or is there software to handle this? Or does such a thing exist?
Any help would be greatly appreciated. This is really important that I get this handled immediately.