How to block out an IP if there are too many incorrect passwords attempted via RDP?

Question

Possible Duplicate:
Ban, slowdown or stop massive login attempts to RDP

There was an interesting thread about brute-force RDP attacks and one suggested solution that I liked was "set up so 150 incorrect passwords from any given IP within 24 hours blocks that IP".

Could someone provide more info on how to block out an IP if there were too many incorrect login attempts via RDP?

PS the original thread was: Ban, slowdown or stop massive login attempts to RDP

I don't think this adds anything to the original question. The simple answer is: use a firewall. — Ward - Reinstate Monica, Sep 27 '11 at 04:42

score 1 · Answer 1 · answered Sep 27 '11 at 04:36

Simple. Dont allow RDP from the internet. Point. Dont be cheap, install a security system.

my own RDP access runs through a terminal gateway (i.e. it is http on the internet) wand a firewall with intrusion prevention - THERE you stop the crap, not downline on the server.

How to block out an IP if there are too many incorrect passwords attempted via RDP?

1 Answers1