proteus-IV
asked on
Windows Terminal Server brute-force attempts
Somebody is constantly running automated brute-force attacks against a Windows Server 2003 Terminal Server I published on WAN.
It is joined to a domain and I have Account Lockout Threshold GPO defined to lock out an account after 3 login attempts.
I also use local accounts on this server and I also set up local GPO Account Lockout Threshold to 3 login attempts.
But I still see regular logs in Event Viewer for numerous failed login attempts for non-existing domain and local users. These seem to be common usernames like admin, root, scan, etc.
What could I do to block all these attempts altogether?