Event 4625 - Logon Failure - Server 2008 R2 is logging them all over the place ! How to stop the attack?

Posted by user72593 on Server Fault See other posts from Server Fault or by user72593
Published on 2011-03-01T07:12:55Z Indexed on 2011/03/01 7:26 UTC
Read the original article Hit count: 140

Filed under:

server

|

windows-server-2008-r2

I've been monitoring failed logons to a server which is directly connected to the internet with no hardware firewall in the way...testing purposes only. Using the Server 2008 R2 firewall, I blocked access to just about everything except RDP, then I told the firewall to only allow connections to the RDP port from "MY" static IP. I tested from other locations and I am not able to login to the server unless i'm at my office. So how are people coming from Chinese IP's able to attempt logons and get logged as failures ?? Is there something i'm missing that needs to be blocked? Any help would be appreciated.

© Server Fault or respective owner

Related posts about server

SQL SERVER – Server Side Paging in SQL Server 2011 Performance Comparison

as seen on SQL Authority - Search for 'SQL Authority'
Earlier, I have written about SQL SERVER – Server Side Paging in SQL Server 2011 – A Better Alternative. I got many emails asking for performance analysis of paging. Here is the quick analysis of it. The real challenge of paging is all the unnecessary IO reads from the database. Network traffic was… >>> More
Should I switch my server to Ubuntu Server from Windows Server 2003

as seen on Server Fault - Search for 'Server Fault'
I have a server thats primarily used for SRCDS, I host a few Team Fortress 2 servers on it and I would much prefer a ssh-like (more so the no-gui part) for something like this, mostly because I can't navigate with my phone on VNC very well and also because there really is no need for a gui in this… >>> More
Windows web server and SQL Server on same dedicated server

as seen on Server Fault - Search for 'Server Fault'
I'm currently trying to decide on the best approach to handle hosting a few moderate traffic websites for production e-commerce and online applications. We'd like to move to a dedicated server and are looking at this as the most likely machine: Quad Core Intel Core2Quad Q9550 Processor, 2.83 Ghz… >>> More
Windows 7 Desktop/Start Menu Redirection: Server O/S: Windows Server 2003 And Server 2008

as seen on Super User - Search for 'Super User'
Hi, I am new here so I am might be asking a question which has already been answered [however I can't see it in the suggested answers above] I manage a network which is split into a parent domain and a child domain. Recently I have been looking at when to migrate to Windows 7. The child domain… >>> More
Windows 7 Desktop/Start Menu Redirection: Server O/S: Windows Server 2003 And Server 2008

as seen on Server Fault - Search for 'Server Fault'
Hi, I am new here so I am might be asking a question which has already been answered [however I can't see it in the suggested answers above] I manage a network which is split into a parent domain and a child domain. Recently I have been looking at when to migrate to Windows 7. The child domain… >>> More

Related posts about windows-server-2008-r2

Cannot enable network discovery on Windows Server 2008 R2

as seen on Server Fault - Search for 'Server Fault'
I'm trying to enable the Network Discovery feature on a newly installed Windows Server 2008 R2 instance. The network connection is in the Home or Work profile (it is not domain joined). These are the steps I've followed: Within the Network and Sharing Center I select Change advanced sharing settings Then… >>> More
Windows Server 2008 R2: AD Module for Windows PowerShell

as seen on Internet.com - Search for 'Internet.com'
Windows Server 2008 R2 includes a new Active Directory module for Windows PowerShell, a consolidated group of 76 cmdlets that can perform a host of tasks against Active Directory's various services. >>> More
Windows Server 2008 R2: Introducing the AD Administrative Center

as seen on Internet.com - Search for 'Internet.com'
The Active Directory Administrative Center in Windows Server 2008 R2 is a significant improvement over its predecessor. Although not without limitations, it offers beefed-up management of AD objects, new navigation capabilities, better task-based management options, and improvements to the properties… >>> More
Sun Fire X4270 M3 SAP Enhancement Package 4 for SAP ERP 6.0 (Unicode) Two-Tier Standard Sales and Distribution (SD) Benchmark

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Oracle's Sun Fire X4270 M3 server achieved 8,320 SAP SD Benchmark users running SAP enhancement package 4 for SAP ERP 6.0 with unicode software using Oracle Database 11g and Oracle Solaris 10. The Sun Fire X4270 M3 server using Oracle Database 11g and Oracle Solaris 10… >>> More
Now Customers Can Actually Locate Your Resources with URL Rewriter 2.0 RTW

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Today, Microsoft announced the final release of IIS URL Rewriter 2.0 RTW . Now the first reason might be obvious why you would want to rewrite a URL – when you are at a cocktail party with loud music and tasty appetizers and a potential customer asks you where they can get more info on your snazzy… >>> More