Windows 2003 Server - I have people attempting to break into my email server - what is my proper response?

I've checked my email server logs, and I'm getting a lot of attempts to break in via brute-force + dictionary attacks.

I know the IP's that are doing it - is there an easy way for me to A) Block these IPs B) Automatically detect and block new ones in the future without affecting my email clients

Thanks
hamlin11Asked:
Who is Participating?
 
flyingskyConnect With a Mentor Commented:
Apparently you need some kind of Log analyzer software for this.
0
 
flyingskyConnect With a Mentor Commented:
are the attackes coming from outside or inside?
If they are outside, you can use your firewall to block that IP.
If it's from inside, you need to find out what's wrong with that machine (or that user).
0
 
hamlin11Author Commented:
It's not from the local machine - it's from an external IP address -- possibly in the same server farm but probably outside of it.


0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
flyingskyConnect With a Mentor Commented:
can you block any traffic from that IP on your firewall?
0
 
NutrientMSConnect With a Mentor Commented:
Yes, as flyingsky said, use your firewall to block that IP address.  What user account are they trying to brute force?  If it is the administrator account make sure you have a very strong password for it (which is best practice anyway)
0
 
hamlin11Author Commented:
They're trying a variety of logins & passwords on a specific domain.

I'll block the IP on my firewall - do you think I should add an IP-Filter on the server itself or should I configure the hardware firewall outside my server?

Thanks for the tips
0
 
flyingskyConnect With a Mentor Commented:
I would recommend another piece of equipment other than your server itself.
0
 
hamlin11Author Commented:
Ok, I'll configure the hardware firewall.

Do you have any comments on the second part of my question -- Is there some way to either alert me via email when a cracker is trying to get in - or auto-block an IP that tries to access too much?

Thanks

P.S., my email server software does not have this functionality
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.