Re: blocking foreign internet addresses



A harware firewall is very very very recommended!!
Welcome to the hack club, I get these all the time, and probably everyone
else does too. You MUST have a good strong password or passphrase on the
administrator account. I believe, and I am sure those smarter than I am
will correct me if I am wrong, that while a regular account will get locked
out after a certain number of bad passwords entered, the administrator
account does not. So the hackers can try to crack that one all night if they
want to.

These attacks are usually coming from an infected computer somewhere, and
the best one I saw was a computer from the Bulgarian government one night
(yes I like to do a whois search on the ip addresses of the computer trying
to break into my network, it keeps me focused on security, and entertained)

Just make sure you are secured properly (firewall, good passwords, windows
updates...) and they probably won't get in.

"kevin" <21stcenturycommunications@xxxxxxxxx> wrote in message
news:7fbc713d-687b-4ff7-b249-8e0bb2752bff@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
My SBS 2003 server have seen an increase in unauthorized network login
attempts in the last month.
People have been trying to hack the admin password about 20 to 60
times every other day.
I see these attempts in the SBS report and it bugs the hell out of
me. I find the ISP of the source IP and report the offender but the
addresses are constently changing.
Is this some kind of distributed attack?
Why are my servers being "picked on"?
I am running Trend Micro on the servers. Should I invest in a
hardware firewall?

It seems most attacks are comming from RIPE.

Can I block all inbound access from RIPE?

Thanks

Kevin


.