Possible Duplicate:
Ban, slowdown or stop massive login attempts to RDP
I have a Windows 2008 Server which is being attacked very hard.
Somebody is trying to use brute force to sign in to the server via remote desktop protocol. And looks like that attacker has a big range of IPs or bot net for attacks. Because, I have banned a thousands of his IPs and he is still able to continue attacking the server.
Please advise any way to reject any RDP sign in attempt if it fails 2nd time within one year from the same IP.
I think I need to create a rule to deny all attempts over the RDP protocol besides my IPs. The same rules for all other public resources, correct?
Highly appreciate any help.
Best regards.