-3

guys. My gateway server has been getting hammered for about a day, now. Internet access slows to a crawl for about an hour at a time, internally, and I noticed that when it is slow, lsass.exe is busy sending something out to external machines on the Internet. I would think this is some sort of brute force attack, but I don't understand why lsass is sending a bunch of data but receiving nothing. This box has a software firewall on it until the appliance arrives. The hostnames talking to lsass indicated by Resource Monitor aren't real, and I haven't found a way to find their IPs. I tried setting up an inbound rule to block access to lsass on the Internet NIC, but that does not seem to have helped. Malwarebytes found nothing amiss. Nothing particularly helpful in failed security audits, either - just attempts at logging in with unknown users every minute or so. Any suggestions on what I should do to stop this traffic in the near term? I'm afraid this is not my wheelhouse, and I am doing what I can to try to get this controlled. Thanks in advance for suggestions. Screenshot from Resource Monitor is below.

lsass getting hammered

Olive It
  • You definitely need someone knowing something about network security to help you with setting up your network. First rule: never connect a Windows system directly to the Internet without interposing a (hardware) firewall. The so-called software firewall doesn't count. – Tilman Schmidt Oct 14 '16 at 21:16
  • Welcome to the (old) Internet. – Michael Hampton Oct 14 '16 at 23:51
  • Update your question with the results of [auditpol](https://technet.microsoft.com/en-us/library/cc753632(v=ws.11).aspx). I believe the command is `Auditpol /list /subcategory:* /r` though I don't have a running system to test at the moment. – user2320464 Oct 15 '16 at 03:28
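
One way to get the remote IP addresses the question could not find, and to see where the failed logons come from. This is an added example, not part of the original posts; it assumes an elevated PowerShell session, a Windows version whose `Get-NetTCPConnection` output includes `OwningProcess`, and that logon-failure auditing (event ID 4625) is enabled. The 24-hour window and top-20 cutoff are arbitrary choices.

```powershell
# Added example: list the remote endpoints of lsass.exe by IP address and
# tally failed logons by source address. Run from an elevated prompt.

$lsassPid = (Get-Process -Name lsass).Id

# 1. TCP connections owned by lsass, grouped by remote IP.
#    Addresses are reported numerically, so bogus reverse-DNS names do not matter.
Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object {
        $_.OwningProcess -eq $lsassPid -and
        $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1'
    } |
    Group-Object RemoteAddress |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'LocalPorts'; e = { ($_.Group.LocalPort | Sort-Object -Unique) -join ',' } },
        @{ n = 'States';     e = { ($_.Group.State     | Sort-Object -Unique) -join ',' } }

# 2. Failed logons (Security event 4625) in the last 24 hours, grouped by source IP.
$since = (Get-Date).AddHours(-24)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the named EventData fields of the event into a hashtable.
        $data = @{}
        ([xml]$_.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Source    = $data['IpAddress']
            User      = $data['TargetUserName']
            LogonType = $data['LogonType']
        }
    } |
    Group-Object Source |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name,
        @{ n = 'LogonTypes'; e = { ($_.Group.LogonType | Sort-Object -Unique) -join ',' } },
        @{ n = 'SampleUsers'; e = {
            ($_.Group.User | Sort-Object -Unique | Select-Object -First 5) -join ','
        } }
```

The `LocalPorts` column shows which listening service on the box the remote hosts are reaching, which is the port an inbound block rule on the Internet-facing interface has to cover.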

1 Answer

0

This is just a home server for fiddling. I ran out of time trying to figure out the details of what was happening and just changed my IP. Everything got predictably quiet. My new firewall/VPN arrived Saturday morning and this box sits behind it, now. Thank you to the people who offered suggestions. To those of you that responded with snark, way to go.

Olive It