firewall
Pavel, 2014-08-15 10:47:53

How to block an attacking IP on Windows Server 2008 R2?

Greetings.
There is a Windows Server 2008 R2 machine for remote access by accountants. For some time now, bots have been trying to guess the password to the server; in the logs you can see "Audit failure". The standard port 3389 has been replaced with another one, but the attacks continue. Can you please tell me how to configure the server so that after three unsuccessful login attempts, the IP address is automatically blocked? Can this be done in the standard firewall, or do I need to buy something extra?


5 answer(s)
oia, 2014-08-15
@oia

ipfw rules by IP and MAC addresses)

Sergey, 2014-08-15
@bk0011m

In general, exposing Windows directly to the outside is already not good.
If you still want to expose it, then only through an intermediate server that also acts as a gateway, or some piece of hardware with a firewall.
*nix-like systems feel best as a gateway: FreeBSD, OpenBSD, Linux, etc.
If you are not comfortable with *nix, then install Windows, set up ISA on it, and then you can more or less manage the traffic somehow.
If all this is difficult, then put in a piece of hardware with a firewall. For example, Cisco ASA, etc. If money does not allow, take a closer look at MikroTik.

Sergey, 2014-08-15
@edinorog

buy a normal router)

nfire, 2014-08-15
@nfire

Best to do as oia suggested: access only from certain addresses. Anyone who needs access buys a static address (if they don't have one). And management explains that other methods of protection are not effective.
Or a VPN, with a ban on attacking addresses.
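
The three-failures threshold from the question, combined with the allow-list advice in the answers above, as an added PowerShell example (not code from any poster in this thread). The function names, the allow-list entry and the sample records are constructed for illustration; the script only prints `netsh` commands for review and does not change the firewall.

```powershell
# Added example: pick source IPs with repeated failed logons and print
# Windows Firewall block rules for them. Function names are hypothetical.

function Get-BlockCandidates {
    param(
        [object[]]$Events,           # objects exposing an IpAddress property
        [int]$Threshold = 3,         # "three unsuccessful login attempts"
        [string[]]$AllowList = @()   # addresses that must never be blocked
    )
    $Events |
        Where-Object { $_.IpAddress -and $_.IpAddress -ne '-' -and
                       ($AllowList -notcontains $_.IpAddress) } |
        Group-Object -Property IpAddress |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object { $_.Name }
}

function Get-BlockRuleCommand {
    param([string]$Ip)
    # Only a value that parses as an IP address may reach the command line.
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($Ip, [ref]$parsed)) { return $null }
    'netsh advfirewall firewall add rule name="Block failed logons {0}" dir=in action=block remoteip={0}' -f $parsed
}

# Constructed sample standing in for "Audit failure" (event ID 4625) records.
# '-' represents an event that carries no source address.
$sample = @(
    '203.0.113.7', '203.0.113.7', '203.0.113.7', '203.0.113.7',  # over threshold
    '198.51.100.20', '198.51.100.20',                            # under threshold
    '192.0.2.10', '192.0.2.10', '192.0.2.10',                    # allow-listed user
    '-'
) | ForEach-Object { New-Object PSObject -Property @{ IpAddress = $_ } }

Get-BlockCandidates -Events $sample -AllowList @('192.0.2.10') |
    ForEach-Object { Get-BlockRuleCommand -Ip $_ }

# On the server, the same input can be read from the Security log instead.
# Properties[19] is the IpAddress field of event 4625; confirm it on your build.
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625;
#             StartTime = (Get-Date).AddHours(-1) } |
#         ForEach-Object { New-Object PSObject -Property @{
#             IpAddress = $_.Properties[19].Value } }
```

The allow-list matters when several legitimate users share one public address: a few mistyped passwords would otherwise lock out everyone behind it.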

@ITNIK, 2014-08-15

+ oia
+ nfire
or as bk0011m suggested, only then it's not ISA but TMG
