Somebody is constantly running automated brute-force attacks against a Windows Server 2003 Terminal Server I published on WAN.
It is joined to a domain and I have Account Lockout Threshold GPO defined to lockout an account after 3 login attempts.
I also use local accounts on this server and I also set up local GPO Account Lockout Threshold to 3 login attempts.
But I still see regular logs in Event Viewer for numerous failed login attempts for non-existing domain and local users. These seem to be common usernames like admin, root, scan, etc.
What could I do to block all these attempts alltogether?