Someone trying to brute force my terminal server.


m4a2t0t
07-12-04, 11:40 AM
I think someone is trying to break into my system through one of our assistant's accounts. Her account is repeatedly locked out; when I'm looking into the security logs I see logon/logoff audits, and I'll see three in a row, then a 30 minute wait, then again. This isn't happening all day long, but she gets locked out 1-2 times a week, and says she isn't using the wrong password either. Is there any way to check where the attempts are coming from, possibly a computer or remote computer on our end? I was thinking I would just increase the lockout to a few hours.

MadDoctor
07-12-04, 11:58 AM
What firewall(s) are you using?

m4a2t0t
07-12-04, 11:59 AM
Sonicwall TZW, upgrading to a 2040 shortly.

MadDoctor
07-12-04, 12:08 PM
How do the firewall logs look when you compare them to the system logs (care given to times, minute and second, so you can figure out who is doing what when)?
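The comparison suggested above, sketched as an added example that is not part of the original thread: it groups failed logons into bursts and counts which source IPs opened a terminal server connection just before each burst. The log formats, account name and addresses are constructed and simplified (not real SonicWall or Windows output); 3389 is the default terminal services port, and the 60-second `skew` allowance for clock drift between firewall and server is an assumption.

```python
from collections import Counter
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data in a simplified, hypothetical format.
# Failed logons from the server's security log: "timestamp account"
SECURITY_LOG = """\
2004-07-12 09:14:02 assistant
2004-07-12 09:14:09 assistant
2004-07-12 09:14:15 assistant
2004-07-12 09:44:31 assistant
2004-07-12 09:44:38 assistant
2004-07-12 09:44:44 assistant
"""
# Inbound connections seen by the firewall: "timestamp src_ip dst_port"
FIREWALL_LOG = """\
2004-07-12 09:02:40 192.0.2.10 3389
2004-07-12 09:13:58 203.0.113.77 3389
2004-07-12 09:14:30 198.51.100.5 80
2004-07-12 09:44:27 203.0.113.77 3389
2004-07-12 10:05:00 192.0.2.10 3389
"""

def parse(text):
    """Turn 'date time field...' lines into (datetime, field, ...) tuples."""
    rows = []
    for line in text.splitlines():
        date, time, *rest = line.split()
        rows.append((datetime.strptime(f"{date} {time}", FMT), *rest))
    return rows

def bursts(failures, gap=timedelta(minutes=2)):
    """Group failed logons that are at most `gap` apart into bursts."""
    groups = []
    for ts, _account in sorted(failures):
        if groups and ts - groups[-1][-1] <= gap:
            groups[-1].append(ts)
        else:
            groups.append([ts])
    return groups

def suspects(failures, connections, port="3389", skew=timedelta(seconds=60)):
    """Per source IP, count the bursts that a connection to `port` overlaps."""
    hits = Counter()
    for burst in bursts(failures):
        start, end = burst[0] - skew, burst[-1]
        hits.update({ip for ts, ip, dport in connections
                     if dport == port and start <= ts <= end})
    return hits.most_common()

if __name__ == "__main__":
    print(suspects(parse(SECURITY_LOG), parse(FIREWALL_LOG)))
```

An address that lines up with every burst is the one to trace; an internal address would point at a machine on the local network still holding an old password.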

YeOldeStonecat
07-12-04, 12:11 PM
You have the TS port opened on the router? Or do clients only log in via Global VPN and then launch remote sessions? (preferred)

m4a2t0t
07-12-04, 12:25 PM
I had to open the port on the firewall. If I make them use the global VPN software I will get a phone call every shift change from every store asking how to connect to the server. I have a site-to-site setup for almost every store; I will be finishing it this weekend so I will not have to have the ports open anymore.

I'll save the logs and compare next time it gets locked out.

YeOldeStonecat
07-12-04, 12:34 PM
Each store? Is there like 1x main, central office, and several satellite offices? If so, why not a router to router VPN, that way the satellites are connected seamlessly 24/7.

m4a2t0t
07-12-04, 12:39 PM
Ya, 1 main and remote locations in the malls. There are 18 locations now and I haven't got to set up a few of them. I also only have the TZW and it only does 10 VPNs total, which is why I just got the 2040, which does 50 VPNs.

YeOldeStonecat
07-12-04, 12:42 PM
Ah OK, so shortly you'll have her all buttoned up tight!

m4a2t0t
07-12-04, 02:45 PM
Ya, I'm leaving this Thursday to go to 2 stores in Colorado, 3 in New Mexico and 2 in El Paso, Texas. I should be busy :D