Windows 7 | How to block a remote IP after n failed login attempts?

K

Konstantin2011-12-09 03:32:48

Windows

Konstantin, 2011-12-09 03:32:48

Recently there was such a problem:

csrss.exe at some point starts to constantly restart. Something will do there for himself, and bam - restarted. And so constantly.
I looked Process Monitor'om, than he is so busy there. I did not notice any suspicious (viral) activity.
Then I downloaded Process Explorer and noticed that csrss.exe initiates a call to winlogon.exe, which means it is processing a login attempt.
Since I don’t try to log in locally every second, I remembered that I have a white IP and 3389 sticks out. It turns out that they stupidly brut me on port 3389, which affects the overall performance of the system.
Hence the question: how to block a remote IP after 5 unsuccessful login attempts using standard Windows 7 tools?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

Sergey, 2011-12-09
@bondbig

In this formulation of the question, the problem is not solved. Just try to make a filter by external addresses, adding only your own there. Well, or put a third-party firewall.

A

Andrey, 2011-12-09
@shinyweb

You can try changing the standard RDP port to some other one. http://support.microsoft.com/kb/306759

K

Kirill Mamaev, 2011-12-09
@r00tGER

If at home, then make rules for the firewall.
If in the office, then in general, in its pure form, do not release RDP to the Internet.
I somehow set a timeout of 40 minutes after an unsuccessful logon (three attempts). It was in Unix, there was no echo response when entering the password - I had to wait three times for a timeout until I realized that the key on the keyboard did not always work