Stop illegal login attempts?
- From: "Adam Butler" <adambutler100@xxxxxxxxxxx>
- Date: Mon, 27 Nov 2006 20:21:04 -0600
Hi,
How can I stop illegal login attempts to my SBS box Exchange server?
This is on SBS 2003 SP1.
I had a guy last night try for over 3 hours to guess my username/password
which generated over 610 security errors in the security event log.
My server is behind a nat router (Zywall35) so I did capture the persons IP
from Romania.
However, is there not a way to lock out repeated attempts that occur in
rapid succesion?
I know I can do such with the router but I'd rather learn how to do such
with built in SBS or Exchange tools if possible.
I've copied and pasted a typical event log from these attempts below.
Of course the user name field was different for each attempt this person
made.
Looks like a typical dictionary attack to me but how to block this after say
10 attempts?
Any advice is welcome!
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 11/26/2006
Time: 23:53:43
User: NT AUTHORITY\SYSTEM
Computer: WX98
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Beaner
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: WX98
Caller User Name: WX98$
Caller Domain: KRUSEONE
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 784
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
.
- Follow-Ups:
- Re: Stop illegal login attempts?
- From: Cris Hanna
- Re: Stop illegal login attempts?
- Prev by Date: Re: Exchange + Gmail Help
- Next by Date: Re: Users can't see past 2nd nic to connect to internet - new sbs
- Previous by thread: Re: Exchange + Gmail Help
- Next by thread: Re: Stop illegal login attempts?
- Index(es):
Relevant Pages
|
