Solved

Windows 2003 Server - I have people attempting to break into my email server - what is my proper response?

Posted on 2008-09-29
8
255 Views
Last Modified: 2012-05-05
I've checked my email server logs, and I'm getting a lot of attempts to break in via brute-force + dictionary attacks.

I know the IP's that are doing it - is there an easy way for me to A) Block these IPs B) Automatically detect and block new ones in the future without affecting my email clients

Thanks
0
Comment
Question by:hamlin11
  • 4
  • 3
8 Comments
 
LVL 18

Assisted Solution

by:flyingsky
flyingsky earned 450 total points
ID: 22599523
are the attackes coming from outside or inside?
If they are outside, you can use your firewall to block that IP.
If it's from inside, you need to find out what's wrong with that machine (or that user).
0
 

Author Comment

by:hamlin11
ID: 22599664
It's not from the local machine - it's from an external IP address -- possibly in the same server farm but probably outside of it.


0
 
LVL 18

Assisted Solution

by:flyingsky
flyingsky earned 450 total points
ID: 22599697
can you block any traffic from that IP on your firewall?
0
 
LVL 5

Assisted Solution

by:NutrientMS
NutrientMS earned 50 total points
ID: 22599701
Yes, as flyingsky said, use your firewall to block that IP address.  What user account are they trying to brute force?  If it is the administrator account make sure you have a very strong password for it (which is best practice anyway)
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 

Author Comment

by:hamlin11
ID: 22599788
They're trying a variety of logins & passwords on a specific domain.

I'll block the IP on my firewall - do you think I should add an IP-Filter on the server itself or should I configure the hardware firewall outside my server?

Thanks for the tips
0
 
LVL 18

Assisted Solution

by:flyingsky
flyingsky earned 450 total points
ID: 22599843
I would recommend another piece of equipment other than your server itself.
0
 

Author Comment

by:hamlin11
ID: 22599882
Ok, I'll configure the hardware firewall.

Do you have any comments on the second part of my question -- Is there some way to either alert me via email when a cracker is trying to get in - or auto-block an IP that tries to access too much?

Thanks

P.S., my email server software does not have this functionality
0
 
LVL 18

Accepted Solution

by:
flyingsky earned 450 total points
ID: 22599897
Apparently you need some kind of Log analyzer software for this.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

This is my 3rd article on SCCM in recent weeks, the 1st (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html) dealing with installat…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now