Solved

Windows 2003 Server - I have people attempting to break into my email server - what is my proper response?

Posted on 2008-09-29
8
258 Views
Last Modified: 2012-05-05
I've checked my email server logs, and I'm getting a lot of attempts to break in via brute-force + dictionary attacks.

I know the IP's that are doing it - is there an easy way for me to A) Block these IPs B) Automatically detect and block new ones in the future without affecting my email clients

Thanks
0
Comment
Question by:hamlin11
  • 4
  • 3
8 Comments
 
LVL 18

Assisted Solution

by:flyingsky
flyingsky earned 450 total points
ID: 22599523
are the attackes coming from outside or inside?
If they are outside, you can use your firewall to block that IP.
If it's from inside, you need to find out what's wrong with that machine (or that user).
0
 

Author Comment

by:hamlin11
ID: 22599664
It's not from the local machine - it's from an external IP address -- possibly in the same server farm but probably outside of it.


0
 
LVL 18

Assisted Solution

by:flyingsky
flyingsky earned 450 total points
ID: 22599697
can you block any traffic from that IP on your firewall?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 5

Assisted Solution

by:NutrientMS
NutrientMS earned 50 total points
ID: 22599701
Yes, as flyingsky said, use your firewall to block that IP address.  What user account are they trying to brute force?  If it is the administrator account make sure you have a very strong password for it (which is best practice anyway)
0
 

Author Comment

by:hamlin11
ID: 22599788
They're trying a variety of logins & passwords on a specific domain.

I'll block the IP on my firewall - do you think I should add an IP-Filter on the server itself or should I configure the hardware firewall outside my server?

Thanks for the tips
0
 
LVL 18

Assisted Solution

by:flyingsky
flyingsky earned 450 total points
ID: 22599843
I would recommend another piece of equipment other than your server itself.
0
 

Author Comment

by:hamlin11
ID: 22599882
Ok, I'll configure the hardware firewall.

Do you have any comments on the second part of my question -- Is there some way to either alert me via email when a cracker is trying to get in - or auto-block an IP that tries to access too much?

Thanks

P.S., my email server software does not have this functionality
0
 
LVL 18

Accepted Solution

by:
flyingsky earned 450 total points
ID: 22599897
Apparently you need some kind of Log analyzer software for this.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question