I get now thousands of auto emails genetrated regarding unsuccessful security logs from one of my server on which I am running tsweb access. My clients access this server via https://server.mydomainname.com'
and work on a database program. As a precautionary measure I have already put in the account lock out policy after certain number of unsuccessful attempts but it seems like the people who attempt to have un authorized access to this server use Dos console with port mapped to 3389 and then they use brute force with different combinations to gain access.
I need help how to block the external unauthorized users IP addresses and or break their connection after certain # of logins? in server 2008.
Any good software firewall which checks the unsuccessful attempts and puts them in the block IP and then release them after an amount of time.
Cisco solution. At the moment I have cisco 2911 router with IOS firewall, I am getting tired of putting in manually the IPs of these buggers.