samntlam asked:
Any way to block hackers and their IP addresses?

Experts:
One of the SBS 2003 servers I manage gets hacking attempts every day!
Any way to block the hacker(s) and their IP address(es)?
Please reply.
Thanks!
ASKER CERTIFIED SOLUTION
Philip Elder (Canada)
This solution is only available to members of Experts Exchange.
samntlam (ASKER):
MPECSInc,
Thank you for the prompt reply.
No, I do not have ISA on this box.
The first two devices, I assume, are hardware?
The last one is software, right?
If I only have a choice of software, and do not want anything "free" or freeware:
Would you recommend legitimate software that does not conflict with Symantec AntiVirus (Corporate Edition) / antispam (Symantec Mail Security for Exchange) running on this Exchange server?
Please reply!
SOLUTION (members only)
AndrewJDavis:
The router came from Verizon DSL.
It is too much to ask Verizon to switch/change it, since the static IP they assigned has already been delivered.

My question is, how do they know this box's static IP?
From the internet community, where and how does it show or tell these hateful hackers the server's IP address?

Does the server tell everybody once the software has been installed and built?

I can't seem to understand how they saw it, and the amazing thing is that they even knew which port (RDP) to try and connect to! That's the most unbelievable thing for me to accept, even to this day!

(I've changed the port on RDP.)
Sam
SOLUTION (members only)
SOLUTION (members only)
Philip:
That's why my profile shows "beginner".
But I am not afraid to ask, because I will read and study all of your expert comments,
and the way for me to do that is to try on my own box instead of the client's.
That would be the last thing I do, breaking anything, before I even consider myself not a beginner any more!

Anyway, I need to block these hackers, but I am running short (on knowledge) and out of resources (small client, and no more expense!).

Anything you can suggest and recommend in between (not) expensive and (not) free?
I am sorry if I give you a hard time with my responses!
Sam
"Changing the port for RDP is no good. Look up TSGrinder, which is probably what you are dealing with. It will sniff all 65K+ ports for a listening TS box and start grinding."

I should have refreshed the page before I posted my reply! I will do that now...
Changing the port was because it got out of control with many hackers and hacking attempts
(when I read the daily server report); that's why I made the change.

"Close 3389 and use the Remote Web Workplace as your TS proxy. It is built-in and SSL secured! You are using Remote Web Workplace in SBS, are you not?"

Yes, the server was running RWW, but I disabled RWW because I thought that could be the problem!

So, could you please direct me on how to "close" port 3389 (I didn't know I could close it)?
Of course, I will try to see if I can remote in using RWW before I close that port!

Please reply.
Thanks!
SOLUTION (members only)
Okay! I know that one. Just uncheck TS and check RWW.

But to turn off port forwarding on port 3389: I don't have a firewall device, and if I did, does it only let you set up ports to enable but not disable? Or how do you disable it (port 3389) if there's no such port listed? Correct me if I am wrong.
Thanks!
Sam
Philip:
I got RWW running, and it is being tested now...

Quick question:
If I don't see a check mark in the process of running CEICW (why?),
how do I disable TS, if there's another way?
Please reply!

SOLUTION (members only)
SOLUTION (members only)
AndrewJDavis:
I was here in the U.S. (English is my second language).
I just did that last night (unchecked remote connection), but only temporarily, because I locked myself out of communicating with the server.

Verizon did provide this company a router (Westell), the latest one with wireless, but I forget the model number and will get that when I visit that office this Saturday.

In terms of the firewall that came with that router, it does have some settings, but I can't find anything that allows me to block specific IP addresses (I am sure you know I wasn't referring to the router, but to myself and my lack of knowledge!).

I agree with your recommendation, except that I am not ready to do so for now... I need to find time to study and learn, and I don't have it!

-----

"MPECSInc:
Yes, you need to run the CEICW: To Do --> Connect to the Internet to get things working right. There should be a check mark for Terminal Services there."

I got RWW working and tested.

"Turn off port forwarding for 3389 on your firewall device if you have one."

I can't seem to find anything in the modem/router provided by Verizon.

And, as you mentioned:
"Close 3389 and use the Remote Web Workplace as your TS proxy. It is built-in and SSL secured! You are using Remote Web Workplace in SBS, are you not?"
I had RWW running, but wasn't sure what you meant by using RWW instead of RDP/TS
to log in to the server, as I thought there were ways to stop/disable/block an outside intruder from attempting to RDP into the server, and for me to just use RWW instead of RDP/TS!

Again, you just told me that there's no way to disable RDP/TS.
I just need to find something else...
Sam
Philip:
Sorry... the check mark that gives you the option to check or uncheck Terminal Server
wasn't there in CEICW? (SBS 2003 R1)
Sam
SOLUTION (members only)
Philip:
All noted.
I think I missed one step when I clicked and viewed the link you provided; I will double-check again! But I have to do this on the weekend, because I unchecked the remote connection to the server a day ago, as I mentioned.

And guys, I bought a used PIX-501 on eBay (it came with power, but no software, manual or cables). I really appreciate your suggestions or some direction, and will try Googling myself.

I still have one more concern. Even though I stopped the remote connection in... there are still attempted logins (invalid logins) on the server. Why?

(Or, should this be another open question/ticket?)

-------
Logon Failure:    Reason: Unknown user name or bad password
User Name: administrator
Domain: xx.xxx.xxx.xxx (IP address removed)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: S15312629
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: xxx.xxx.xxx.xx (hacker IP address removed)
Source Port: 2363
--------

Sam
SOLUTION (members only)
SOLUTION (members only)
SOLUTION (members only)
Philip:
I don't have the "enable" firewall configuration, because this server has only one NIC adapter!
Port (RDP) can't be closed, and it looks like this is it!
Any suggestions?
Thanks!
SOLUTION (members only)
I just bought it (I still need to do some study, plus no software or manual came with it), but that's okay, because I need to work on that PIX-501, and in a couple of months I will have a clue how to...
Thanks!
SOLUTION (members only)
I have the router, and I did set up those port forwards (25, 443, 4125, etc.).
I only saw ports to enable in port forwarding, but not disable, in this router (Westell),
and the firewall was completely unreliable! And there was no custom rule for me to add/edit/modify.
For instance, I set the firewall to MAX (and it still allowed me to run anything I want!!!).

That's why I couldn't perform the work I wanted...
And now I just got this PIX-501 (I still need to order other accessories on eBay), waiting to go to the next level; in the meanwhile, I get attacked, attacked and attacked!

I thought I could take advantage of the method mentioned (close/shut down port 3389);
it turns out I must face and accept it for now... (more invalid login logs every day...)
Very frustrated.
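Two things this thread circles around can be shown in one script, as an added example that is not code from the thread or from any of the answerers: tallying the "Logon Failure ... Logon Type: 3 ... Source Network Address" records pasted earlier per source IP to find who is grinding the Administrator account, and turning the result into the PIX 6.x access list the asker is about to build, which denies those sources and exposes only the ports already forwarded on the Westell (25, 443, 4125). The sample records, all addresses, and the PIX ACL and interface names are constructed or assumed; the generated lines follow PIX 6.x syntax.

```python
"""Tally SBS 2003 security-log failure records (event 529 text, in the
layout pasted earlier in this thread) per source IP, then emit a PIX 6.x
ACL that denies the offenders and admits only the published services.
Added example, not from the thread; sample records and every address,
ACL name and interface name here are constructed or assumed."""
import re
from collections import Counter

# Constructed sample: same "Field: value" layout as the posted event, five records.
SAMPLE_EVENTS = """\
Logon Failure:    Reason: Unknown user name or bad password
User Name: administrator
Logon Type: 3
Source Network Address: 203.0.113.10
Source Port: 2363
--------
Logon Failure:    Reason: Unknown user name or bad password
User Name: Administrator
Logon Type: 3
Source Network Address: 203.0.113.10
Source Port: 2364
--------
Logon Failure:    Reason: Unknown user name or bad password
User Name: admin
Logon Type: 3
Source Network Address: 203.0.113.10
Source Port: 2365
--------
Logon Failure:    Reason: Unknown user name or bad password
User Name: administrator
Logon Type: 3
Source Network Address: 198.51.100.7
Source Port: 1120
--------
Logon Failure:    Reason: Unknown user name or bad password
User Name: sam
Logon Type: 2
Source Network Address: 127.0.0.1
Source Port: 0
"""

# "Field name: value"; the non-greedy key keeps "Reason: ..." inside the value.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z /]*?):\s*(.*?)\s*$")


def parse_events(text):
    """Split on '---' separator lines; each record becomes a field -> value dict."""
    events = []
    for chunk in re.split(r"^-{3,}\s*$", text, flags=re.MULTILINE):
        fields = {}
        for line in chunk.splitlines():
            m = FIELD_RE.match(line)
            if m:
                fields[m.group(1)] = m.group(2)
        if "Source Network Address" in fields:
            events.append(fields)
    return events


def failed_logons_by_source(events, logon_type="3"):
    """Failures per source IP. Logon type 3 (network) is what RDP/SMB/NTLM
    password guessing from the internet shows up as; console logons are type 2."""
    counts = Counter()
    for ev in events:
        src = ev.get("Source Network Address", "-")
        if ev.get("Logon Type") == logon_type and src not in ("", "-"):
            counts[src] += 1
    return counts


def suspect_sources(counts, threshold):
    """Sources with at least `threshold` failures, worst first."""
    return [ip for ip, n in counts.most_common() if n >= threshold]


def pix_acl(public_ip, inside_ip, offenders, tcp_ports=(25, 443, 4125),
            acl="outside_access_in"):
    """PIX 6.x lines: explicit denies for known offenders, then only the
    published TCP services to the server's static NAT. The ACL ends in an
    implicit deny, so 3389 stays closed from outside regardless of what the
    DSL router forwards. ACL/interface names and addresses are assumptions."""
    lines = [f"access-list {acl} deny ip host {ip} any" for ip in offenders]
    lines += [f"access-list {acl} permit tcp any host {public_ip} eq {p}"
              for p in tcp_ports]
    lines.append(f"static (inside,outside) {public_ip} {inside_ip} netmask 255.255.255.255")
    lines.append(f"access-group {acl} in interface outside")
    return lines


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    counts = failed_logons_by_source(evs)
    offenders = suspect_sources(counts, threshold=3)
    for ip in offenders:
        print(f"{ip}: {counts[ip]} network logon failures")
    print("\n".join(pix_acl("203.0.113.5", "192.168.16.2", offenders)))
```

Paste the failure records exported from the Security log in place of the constructed sample and raise the threshold to suit the daily report. The deny-by-host lines are reactive (the next grinder comes from a different address), so the durable part of the ACL is its implicit deny: with only 25, 443 and 4125 permitted, RDP is reachable solely through Remote Web Workplace, and the remaining exposure is the strength of the Administrator password that the type 3 NTLM attempts are guessing.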