Blocking login attempts

I am running a windows 7 under VMWare in a server hall. I use Remote Desktop to access it. It is also a mail server and a web server so it is open to thje network. I am running Internet Security Pro on it.

I have a problem with what looks like “bots” hammering on it trying to login. They do not succeed but the constant hacking results in a memory leak eating all available memory.
Is there a way to limit login from a list of IP numbers?

CIS is not a server grade security solution. Its designed around the Home/Office type of setting.

That does not answer my question or does that imply that there is no way to block IP-addresses from logging into Remote Desktop

If you want to block a incoming IP’s from logging, set up a block rule in Global rules not to log.

Please make sure it is at the top of the list.

Dennis

Block Logging?

I want to stop the “bot” hacking me at the front door!

No you block a incoming IP, and set the rule not to log.

Problem is I do not know the incoming IP, it could be anyone. I would like to tell The Firewall which IP:s are allowed

Do the same block rule but use the IPs that should be allowed and then tick the exclusion (basically saying “block all but these IPs”)

Put a block all rule at the bottom then add the ones you want to allow in above it.

Please note, check all allow rules that they actually are working ie:- set them to log, before setting the block rule.

Once you have set the block rule you will have no access if the allow rules you created fail.

Dennis

OK thanks

I get the idea. Some hints as to where to do this would be helpful.

If you know which process is responsible for remote access traffic then I’d suggest making the rules for that application, otherwise the global rules would also work.

Did some more looking. The IP hammering my login was 221.13.39.1 (Chinese!)
so I blocked that IP. Might just be a temporary solution but I try this first