Hi,
We recently had a webserver get the admin account locked out for 6 hours - what a mess - we've changed policy to shorter time now. If this happens to you, we received recommendations for ERD Commander which we may purchase, but our 6 hours expired before we purchased it.
But, how can we block the DOS attack that is coming from the internet that locks out every nt account on our server?
We have a firewall and block ports 135,137-139,445.
Are there any other ports that need to be blocked to prevent this kind of internet attack?
Any other changes?
How can we prevent them from seeing which nt accounts exist?
This is a public web server, so it's not possible to disconnect it from the internet.
The server is win nt4 sp6a, all patches applied.
But, we've seen the same problem on win2k servers.
Hope there's a way to block this.
Thanks
David
We recently had a webserver get the admin account locked out for 6 hours - what a mess - we've changed policy to shorter time now. If this happens to you, we received recommendations for ERD Commander which we may purchase, but our 6 hours expired before we purchased it.
But, how can we block the DOS attack that is coming from the internet that locks out every nt account on our server?
We have a firewall and block ports 135,137-139,445.
Are there any other ports that need to be blocked to prevent this kind of internet attack?
Any other changes?
How can we prevent them from seeing which nt accounts exist?
This is a public web server, so it's not possible to disconnect it from the internet.
The server is win nt4 sp6a, all patches applied.
But, we've seen the same problem on win2k servers.
Hope there's a way to block this.
Thanks
David
