Several SMB.Attack.Bruteforce from different sources for several days.


Solved by Marcos

Posted

I noticed several brute-force attacks from different sources over several days.
Screenshot 2023-07-24 112424.png

  • Administrators
Posted

It's typical of servers or machines that are directly accessible from the Internet. Isn't that the case?

  • Administrators
Posted

So... In order to prevent the malicious communication from reaching the server where ESET detects it, blocks it and logs it, put a firewall before the server and filter the communication there depending on what services run on the server and must be accessible from the Internet.

Posted

OK for the firewall. But can such a situation be considered an attack, since some of the source IP addresses were blacklisted by ESET, as shown in the figure?

  • Administrators
Posted

Of course, computers directly accessible from the Internet are continually being attacked. If the communication cannot be restricted on a firewall, e.g. because the server works as a web or mail server, it should always be kept up to date and protected against exploitation. Still, you could use a firewall and restrict communication to desired ports or remote IP addresses or subnets, e.g. when it comes to RDP communication from outside.

  • Administrators
Posted

Why username? There's not any. You see the remote IP in the logs.

Posted

I know, but in some cases the username will give me some indication of who could initiate such an attempt.

  • Administrators
  • Solution
Posted

A username can be sent only after establishing a connection, which doesn't happen if it's blocked due to a blacklisted IP address. However, the brute-force attack detection blocks communication if several wrong login attempts have been made.
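The behaviour described in the accepted answer, as an added illustration that is not part of the original thread and is not ESET's implementation: a simplified Python model showing why log entries for blacklisted sources carry no username, while entries produced by failed-login counting do. The blacklist entry, threshold, window, class and function names are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed values for illustration; not ESET's real list, threshold or window.
BLACKLIST = {"203.0.113.7"}
MAX_FAILURES = 3
WINDOW_SECONDS = 60

class Filter:
    def __init__(self):
        self.failures = defaultdict(deque)  # source IP -> timestamps of failed logins
        self.blocked = set()                # sources caught by brute-force detection
        self.log = []

    def _log(self, ts, ip, user, verdict):
        self.log.append({"ts": ts, "ip": ip, "user": user, "verdict": verdict})
        return verdict

    def handle(self, ts, ip, username, login_ok):
        """Process one inbound login attempt and return the verdict."""
        # Stage 1: a blacklisted or already blocked source is dropped before a
        # connection is established, so no username is ever received or logged.
        if ip in BLACKLIST:
            return self._log(ts, ip, None, "blacklisted")
        if ip in self.blocked:
            return self._log(ts, ip, None, "blocked")
        if login_ok:
            self.failures.pop(ip, None)
            return "allowed"
        # Stage 2: count wrong logins per source inside a sliding window.
        recent = self.failures[ip]
        recent.append(ts)
        while ts - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.blocked.add(ip)
            return self._log(ts, ip, username, "bruteforce")
        return self._log(ts, ip, username, "failed_login")

def run_sample():
    """Replay constructed traffic: (ts, source IP, username, login succeeded)."""
    f = Filter()
    events = [
        (0, "203.0.113.7", "admin", False),
        (1, "198.51.100.9", "backup", False),
        (2, "198.51.100.9", "backup", False),
        (3, "198.51.100.9", "admin", False),
        (4, "198.51.100.9", "admin", False),
    ]
    return [f.handle(*e) for e in events], f.log
```
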
