
Windows 2003 Server - I have people attempting to break into my email server - what is my proper response?

Posted on 2008-09-29
Last Modified: 2012-05-05
I've checked my email server logs, and I'm getting a lot of attempts to break in via brute-force + dictionary attacks.

I know the IPs that are doing it - is there an easy way for me to A) Block these IPs B) Automatically detect and block new ones in the future without affecting my email clients?

Thanks
Question by:hamlin11

Assisted Solution

by:flyingsky
ID: 22599523
Are the attacks coming from outside or inside?
If they are outside, you can use your firewall to block that IP.
If it's from inside, you need to find out what's wrong with that machine (or that user).

Author Comment

by:hamlin11
ID: 22599664
It's not from the local machine - it's from an external IP address -- possibly in the same server farm but probably outside of it.



Assisted Solution

by:flyingsky
ID: 22599697
Can you block any traffic from that IP on your firewall?

Assisted Solution

by:NutrientMS
ID: 22599701
Yes, as flyingsky said, use your firewall to block that IP address.  What user account are they trying to brute force?  If it is the administrator account make sure you have a very strong password for it (which is best practice anyway)

Author Comment

by:hamlin11
ID: 22599788
They're trying a variety of logins & passwords on a specific domain.

I'll block the IP on my firewall - do you think I should add an IP-Filter on the server itself or should I configure the hardware firewall outside my server?

Thanks for the tips

Assisted Solution

by:flyingsky
ID: 22599843
I would recommend another piece of equipment other than your server itself.

Author Comment

by:hamlin11
ID: 22599882
Ok, I'll configure the hardware firewall.

Do you have any comments on the second part of my question -- Is there some way to either alert me via email when a cracker is trying to get in - or auto-block an IP that tries to access too much?

Thanks

P.S., my email server software does not have this functionality

Accepted Solution

by:
flyingsky earned 1800 total points
ID: 22599897
Apparently you need some kind of Log analyzer software for this.
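
Added example (not part of the thread, and not any product's own code): a small log analyzer of the kind the accepted answer refers to, counting failed logins per source IP in a sliding time window and never reporting allowlisted client addresses. The log format, the `find_offenders` function and the sample lines are assumptions constructed for illustration; adjust the regex to the mail server's real log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (hypothetical; adjust the regex to your mail server's log).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) AUTH (?P<result>FAIL|OK) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample log: documentation-range addresses only.
SAMPLE_LOG = """\
2008-09-29 10:15:01 AUTH FAIL user=admin ip=203.0.113.7
2008-09-29 10:15:03 AUTH FAIL user=info ip=203.0.113.7
2008-09-29 10:15:04 AUTH OK user=alice ip=198.51.100.20
2008-09-29 10:15:05 AUTH FAIL user=sales ip=203.0.113.7
2008-09-29 10:15:06 AUTH FAIL user=alice ip=198.51.100.20
2008-09-29 10:15:08 AUTH FAIL user=test ip=203.0.113.7
2008-09-29 10:15:09 AUTH FAIL user=root ip=203.0.113.7
2008-09-29 10:16:00 AUTH FAIL user=bob ip=192.0.2.50
2008-09-29 10:40:00 AUTH FAIL user=bob ip=192.0.2.50
2008-09-29 11:30:00 AUTH FAIL user=bob ip=192.0.2.50
garbage line that does not parse
"""

def find_offenders(lines, threshold=5, window=timedelta(minutes=10), allowlist=()):
    """Return {ip: set of usernames tried} for IPs with >= threshold failed
    logins inside any sliding window. Allowlisted IPs are never reported."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    users = defaultdict(set)      # ip -> usernames tried
    offenders = {}
    for line in lines:            # lines are assumed to be in chronological order
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "FAIL" or m["ip"] in allowlist:
            continue              # skip unparsable lines, successes, known clients
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        users[m["ip"]].add(m["user"])
        if len(q) >= threshold:
            offenders[m["ip"]] = users[m["ip"]]
    return offenders

if __name__ == "__main__":
    for ip, tried in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"block candidate {ip}: tried {sorted(tried)}")
```

The returned addresses can go into an alert email or onto the hardware firewall's block list; the slow, spread-out failures from a single user stay below the threshold, so an ordinary client mistyping a password is not flagged.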
Question has a verified solution.
