Is there a setting to limit login attempts?

70 pts.
Tags:
Hacking
Microsoft Windows Server 2003
Security
Windows 2003 networking
Windows Server 2003 Domain Controller
For three days we have had someone trying to hack into our system using random names and passwords. The attempt with each name lasts for 30 minutes then the name changes. No IP address shows up so I can't block it or a block of IP addresses. Is there a way I can close the login off after say five unsuccessful attempts? Also, since the names change, will the attempt just change to the next name after every five attempts?

Answer Wiki

Thanks. We'll let you know when a new response is added.

If you go into your Group Policy Management console and go under Forest > Domains > DomainName > Default Domain Policy you can setup your Account Policies and Account Lockout Policy to lockout an account for a specific period of time when “n” number of login attempts are tried and failed.

You definately need to find out where it is coming from though. Do you know if it is internal or external?

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Scl2
    Thanks for your response. It is definitely coming from an external source. Up to this point there has been no breach so that is a positive. Like I said before, the IP address of the source is being blocked so I have no way of tracing it. Over last weekend the break in attempt from this source went on for 29 straight hours, so needless to say, I am a little concerned. I have only been here for a few months, but the person before me put our email on the domain server, so that isn't helping matters much. Since we have employees that work remotely and need access to email, I need to keep that IP address public.
    70 pointsBadges:
    report
  • TRB86
    As you have indicated, decisions made before you came, have put your systems in a risky state, I would suggest that you at least get hardware firewall and put it between your system and the internet. Configure the firewall to allow only the minimum number of open inbound, port such as 25 & 110 for mail; port 80 if you have a web. If your employees don't need to log on to their accounts block 138, etc. externally.. If they do, consider setting up an inbound secure VPN connection on a special port. Some people do all of this at home with something like a $50 Linksys router if their need are simple.
    10 pointsBadges:
    report
  • Scl2
    TRB86, Thanks for the ideas on the firewall. We do have a SonicWALL and an eSafe box in between the outside world and our system. Everyone can VPN into the system. I'll check the settings you have mentioned though. We have decided to get a second server for Exchange and move the public IP to that server and hide the main server.
    70 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following