Answer the question
In order to leave comments, you need to log in
K
K
Konstantin2011-12-09 03:32:48
Konstantin, 2011-12-09 03:32:48
Windows 7 | How to block a remote IP after n failed login attempts?
Recently there was such a problem: 
csrss.exe at some point starts to constantly restart. Something will do there for himself, and bam - restarted. And so constantly.
I looked Process Monitor'om, than he is so busy there. I did not notice any suspicious (viral) activity.
Then I downloaded Process Explorer and noticed that csrss.exe initiates a call to winlogon.exe, which means it is processing a login attempt.
Since I don’t try to log in locally every second, I remembered that I have a white IP and 3389 sticks out. It turns out that they stupidly brut me on port 3389, which affects the overall performance of the system.
Hence the question: how to block a remote IP after 5 unsuccessful login attempts using standard Windows 7 tools?
3 answer(s)
@bondbig
@shinyweb
@r00tGER
S
Sergey, 2011-12-09 @bondbig
In this formulation of the question, the problem is not solved. Just try to make a filter by external addresses, adding only your own there. Well, or put a third-party firewall.
A
Andrey, 2011-12-09 @shinyweb
You can try changing the standard RDP port to some other one. http://support.microsoft.com/kb/306759
K
Kirill Mamaev, 2011-12-09 @r00tGER
If at home, then make rules for the firewall.
If in the office, then in general, in its pure form, do not release RDP to the Internet.
I somehow set a timeout of 40 minutes after an unsuccessful logon (three attempts). It was in Unix, there was no echo response when entering the password - I had to wait three times for a timeout until I realized that the key on the keyboard did not always work
Similar questions
P
W
A
I
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question