Our DC is SBS2003 and we also have a Server 2003 as a Terminal Server. We are using a Cisco Small Business Pro SRP527W modem/router.
For weeks we have been the target of someone trying to log in remotely. I can get up to tens of thousands of failed login attempts on any one night. These show up in the daily report that I receive each morning. Mostly it shows a login name that failed as bad username or password. It was trying the Administrator account at first but I changed the name of that account to stop that. Our user accounts are based on each user's real name, so it could be only a matter of time until they latch onto a real user account. Then they can use brute force to get in.
One thing that I have noticed is that the failed attempts seem to use random ports. I wondered if the way forward might be to block all ports in our modem/router, but I can't work out how to do that.
Any suggestions? My fear is that it could just be a matter of time before they get in.