How to defend against password guessing on Windows 2008?

0 like 0 dislike
29 views
Good afternoon. There was a problem - 1C users working on the RDP could not connect to the server. Server on Windows 2008 R2. In the log is clean, except for "Security". It is full of failed login attempts, the interval between recordings 1-2 seconds. The user names in the logs do not exist on this server. The port on vneshke not standard (58342). How can I get the IP address of the culprit PC?

- - 4625001254400x80100000000000004882562SecurityIZH-HOST- S-1-0-0--0x0S-1-0-0ADMINISTRATOR0xc000006d%%23130xc000006a3NtLmSspNTLM--00x0---
by | 29 views

1 Answer

0 like 0 dislike
ip culprit - nothing. Arrives to you a package in which the ip of the sender is a last routing device. So the network is working.
And about protection policies, firewall. For example the password policy on the number of incorrect password attempts.
So you didn't knock the only one option - to close incoming connections, change port, etc.))
by

Related questions

0 like 0 dislike
3 answers
0 like 0 dislike
1 answer
0 like 0 dislike
3 answers
0 like 0 dislike
3 answers
110,608 questions
257,187 answers
0 comments
40,796 users