Solved

Windows 2003 Server - I have people attempting to break into my email server - what is my proper response?

Posted on 2008-09-29
Last Modified: 2012-05-05
I've checked my email server logs, and I'm getting a lot of attempts to break in via brute-force + dictionary attacks.

I know the IPs that are doing it - is there an easy way for me to A) block these IPs B) automatically detect and block new ones in the future without affecting my email clients?

Thanks
Question by:hamlin11
8 Comments
 
LVL 18

Assisted Solution

by:flyingsky
flyingsky earned 450 total points
ID: 22599523
Are the attacks coming from outside or inside?
If they are outside, you can use your firewall to block that IP.
If it's from inside, you need to find out what's wrong with that machine (or that user).
0
 

Author Comment

by:hamlin11
ID: 22599664
It's not from the local machine - it's from an external IP address -- possibly in the same server farm but probably outside of it.


0
 
LVL 18

Assisted Solution

by:flyingsky
flyingsky earned 450 total points
ID: 22599697
Can you block any traffic from that IP on your firewall?
0
 
LVL 5

Assisted Solution

by:NutrientMS
NutrientMS earned 50 total points
ID: 22599701
Yes, as flyingsky said, use your firewall to block that IP address. What user account are they trying to brute force? If it is the administrator account, make sure you have a very strong password for it (which is best practice anyway).
0
 

Author Comment

by:hamlin11
ID: 22599788
They're trying a variety of logins & passwords on a specific domain.

I'll block the IP on my firewall - do you think I should add an IP-Filter on the server itself or should I configure the hardware firewall outside my server?

Thanks for the tips
0
 
LVL 18

Assisted Solution

by:flyingsky
flyingsky earned 450 total points
ID: 22599843
I would recommend another piece of equipment other than your server itself.
0
 

Author Comment

by:hamlin11
ID: 22599882
Ok, I'll configure the hardware firewall.

Do you have any comments on the second part of my question -- Is there some way to either alert me via email when a cracker is trying to get in - or auto-block an IP that tries to access too much?

Thanks

P.S., my email server software does not have this functionality
0
 
LVL 18

Accepted Solution

by:flyingsky
flyingsky earned 450 total points
ID: 22599897
Apparently you need some kind of log analyzer software for this.
0
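The thread ends at "log analyzer software"; as an added example (not part of the thread and not any poster's code), here is a minimal sliding-window analyzer in Python that flags IPs with repeated failed logins while never flagging allowlisted client addresses. The log line format, field names and sample addresses are constructed assumptions; adapt the regex to your mail server's log, and note that lines are assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) line format; adapt the regex to your mail server's log.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<event>AUTH-FAIL|AUTH-OK) ip=(?P<ip>\S+) user=(?P<user>\S+)$"
)

# Constructed sample log using documentation-only address ranges.
SAMPLE_LOG = """\
2008-09-29 14:02:01 AUTH-FAIL ip=203.0.113.7 user=admin@example.com
2008-09-29 14:02:03 AUTH-FAIL ip=203.0.113.7 user=info@example.com
2008-09-29 14:02:05 AUTH-FAIL ip=203.0.113.7 user=sales@example.com
2008-09-29 14:02:06 AUTH-FAIL ip=198.51.100.20 user=bob@example.com
2008-09-29 14:02:08 AUTH-FAIL ip=203.0.113.7 user=test@example.com
2008-09-29 14:02:09 AUTH-OK ip=198.51.100.20 user=bob@example.com
2008-09-29 14:02:10 AUTH-FAIL ip=203.0.113.7 user=admin@example.com
2008-09-29 14:03:00 AUTH-FAIL ip=192.0.2.10 user=alice@example.com
""".splitlines()

def find_offenders(lines, max_failures=5, window=timedelta(minutes=10),
                   allowlist=frozenset()):
    """Return {ip: sorted usernames tried} for every IP that reaches
    max_failures failed logins within one sliding window.
    Allowlisted IPs (known mail clients) are never flagged."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    users = defaultdict(set)     # ip -> usernames seen in failed attempts
    flagged = set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["event"] != "AUTH-FAIL" or m["ip"] in allowlist:
            continue  # skip unparsable lines, successes, and trusted clients
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        users[m["ip"]].add(m["user"])
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            flagged.add(m["ip"])
    return {ip: sorted(users[ip]) for ip in flagged}

if __name__ == "__main__":
    for ip, tried in find_offenders(SAMPLE_LOG).items():
        print(f"block candidate {ip}: {len(tried)} distinct accounts tried")
```

The returned addresses can feed an email alert or a block list on the hardware firewall; keeping known client addresses in `allowlist` addresses the "without affecting my email clients" requirement from the question.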

Question has a verified solution.
