Re: Determine attacker IP?
- From: "kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 16 Apr 2008 10:13:21 -0700
AllenM wrote:
Wrong. Although attackers do tend to use bizzare account names their
favorites are accounts that "do" exist such as "administrator"
"guest". They usually try to get in through the FTP port so if your
SBS server isn't a FTP server (and it shouldn't be) then you should
just disable FTP. Also the best way to stop this is to rename the
administrator account and disable the guest account.
The "best way" is have solid password policies (& human procedures),
complex, and changed often coupled with monitoring dillegence.
Guest should be disabled by default and shouldn't be enabled. Renaming
administrator offers little (but some) protections. Third party products
that install using a default service account should be much more of a
concern.
There are other effective hardening methods, but for SBS, this and a good
firewall with only required open ports should suffice.
ork.org> wrote in message
news:O19JXZ9nIHA.4832@xxxxxxxxxxxxxxxxxxxxxxx
Some persistent soul or drone attempted to log into my server
Administrator account. He/it tried about 30 times over two days at
4:40 in the morning. Is there an easy way to determine his IP
address and block or report it. I guess I'm dreaming about the
reporting part. SBS R2 Premium, ISA 2004 SP3. I get about one or two
break-in
attempts a month. Not bad. Usually, attackers try bizarre account
names that don't exist. Naturally, I have S7r0onN6Gg passwords/pass
phrases. Jim G
--
/kj
.
- Follow-Ups:
- Re: Determine attacker IP?
- From: AllenM
- Re: Determine attacker IP?
- References:
- Determine attacker IP?
- From: Jim G
- Re: Determine attacker IP?
- From: AllenM
- Determine attacker IP?
- Prev by Date: Re: SMTP Server Name - another try at this question
- Next by Date: Re: Mail bounces back from Exchange ONLY
- Previous by thread: Re: Determine attacker IP?
- Next by thread: Re: Determine attacker IP?
- Index(es):
Relevant Pages
|
