I am running a Windows 2008 Server which is racked in a data center. Over the last week I have noticed a lot of attempts to brute force login to the box via RDP. Here is what I have in place:
Win Firewall - I have a rule to only allow specific IP Addresses through RDP.
I have changed my RDP Port to something different then 3389.
I have changed all my passwords to at least 15 + characters.
Running TS_Block to blacklist IP address if they attempt more then 3 times. If they do I expire them for 48 hours.
Policies - Account Lockout I have also set to 3 days as a secondary backup and that to is set to lock them out until 48 hours.
What I don't have: I hardware firewall :( My hosting company wants like $200.00 bucks additional a month to add it to my box.
My Problem:
The problem I am having is they are starting to absorb system resources (memory/cpu power). Does anyone know what else I can do to slow them down or even stop them?
Thanks,
Frank