0

Possible Duplicate:
Ban, slowdown or stop massive login attempts to RDP

I have a Windows 2008 Server which is being attacked very hard.

Somebody is trying to use brute force to sign in to the server via remote desktop protocol. And looks like that attacker has a big range of IPs or bot net for attacks. Because, I have banned a thousands of his IPs and he is still able to continue attacking the server.

Please advise any way to reject any RDP sign in attempt if it fails 2nd time within one year from the same IP.

I think I need to create a rule to deny all attempts over the RDP protocol besides my IPs. The same rules for all other public resources, correct?

Highly appreciate any help.

Best regards.

Community
  • 1
user963113
  • 1
  • 1
  • 2

1 Answers1

1

Temporarily disable the RDP allow rule in your firewall. Other than that you'll just wind up spending countless minutes/hours blocking ip addresses.

joeqwerty
  • 108,377
  • 6
  • 80
  • 171
  • 2
    Alternative; at a firewall in front of the server, set it to allow only from certain IP's. – Bart Silverstrim Sep 25 '11 at 00:46
  • Subset suggestion of your answer, @Joeqwerty. Endorse voting your answer up for it. – Bart Silverstrim Sep 25 '11 at 01:48
  • 2
    This is why we run RDP and SSH for our servers over a VPN. It eliminates bruteforcing from all creation and strictly limits access to company employees so we don't have to waste time trying to prevent this kind of thing. – Fiasco Labs Sep 25 '11 at 03:03
  • Or you change the listening port for RDP to something completely different. – mailq Sep 25 '11 at 09:52