asked on

Windows 2003 Server - I have people attempting to break into my email server - what is my proper response?

I've checked my email server logs, and I'm getting a lot of attempts to break in via brute-force + dictionary attacks.

I know the IP's that are doing it - is there an easy way for me to A) Block these IPs B) Automatically detect and block new ones in the future without affecting my email clients

Thanks

SOLUTION

flyingsky

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

hamlin11

ASKER

It's not from the local machine - it's from an external IP address -- possibly in the same server farm but probably outside of it.

SOLUTION

flyingsky

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

NutrientMS

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

hamlin11

ASKER

They're trying a variety of logins & passwords on a specific domain.

I'll block the IP on my firewall - do you think I should add an IP-Filter on the server itself or should I configure the hardware firewall outside my server?

Thanks for the tips

SOLUTION

flyingsky

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

hamlin11

ASKER

Ok, I'll configure the hardware firewall.

Do you have any comments on the second part of my question -- Is there some way to either alert me via email when a cracker is trying to get in - or auto-block an IP that tries to access too much?

Thanks

P.S., my email server software does not have this functionality

ASKER CERTIFIED SOLUTION

flyingsky

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial