0

I am running a Windows 2008 Server which is racked in a data center. Over the last week I have noticed a lot of attempts to brute force login to the box via RDP. Here is what I have in place:

  1. Win Firewall - I have a rule to only allow specific IP Addresses through RDP.

  2. I have changed my RDP Port to something different then 3389.

  3. I have changed all my passwords to at least 15 + characters.

  4. Running TS_Block to blacklist IP address if they attempt more then 3 times. If they do I expire them for 48 hours.

  5. Policies - Account Lockout I have also set to 3 days as a secondary backup and that to is set to lock them out until 48 hours.

What I don't have: I hardware firewall :( My hosting company wants like $200.00 bucks additional a month to add it to my box.

My Problem:

The problem I am having is they are starting to absorb system resources (memory/cpu power). Does anyone know what else I can do to slow them down or even stop them?

Thanks,

Frank

Frank G.
  • 143
  • 8
  • If it's important to you then spend the $200.00 per month. Being cheap and being frugal are two different things and being cheap never ends well. – joeqwerty Aug 30 '13 at 15:36

1 Answers1

0

Are you using Network Level Authentication for RDP?

http://technet.microsoft.com/en-us/library/cc732713.aspx

If not, try switching that on and see if that stems the bandwidth taken from the screen drawing of the login box, if nothing else.

Daniel Dainty
  • 21
  • 3