
Several SMB.Attack.Bruteforce from different sources for several days.


Solved by Marcos


  • Administrators

It's typical of servers or machines that are directly accessible from the Internet. Isn't that the case?


  • Administrators

So... In order to prevent the malicious communication from reaching the server where ESET detects it, blocks it and logs it, put a firewall before the server and filter the communication there depending on what services run on the server and must be accessible from the Internet.


OK for the firewall. But can such a situation be considered an attack, since some of the source IP addresses were blacklisted by ESET, as shown in the figure?


  • Administrators

Of course, computers directly accessible from the Internet are continually being attacked. If the communication cannot be restricted on a firewall, e.g. because the server works as a web or mail server, it should always be kept up to date and protected against exploitation. Still, you could use a firewall and restrict communication to desired ports or remote IP addresses or subnets, e.g. when it comes to RDP communication from outside.


  • Administrators
  • Solution

A username can be sent only after a connection is established, which doesn't happen if it's blocked due to a blacklisted IP address. However, the brute-force attack detection blocks communication if several wrong login attempts have been made.

This topic is now closed to further replies.
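
A simplified model of the two checks described in the solution post, added here as an example; it is not ESET's code and not part of the original thread. It shows why a connection from a blacklisted address is logged without a username, while brute-force blocking only triggers after repeated failed logins. The threshold, time window, all names and the sample addresses are assumptions.

```python
from collections import defaultdict, deque

# Assumed values for illustration; not ESET's actual thresholds.
MAX_FAILURES = 5
WINDOW_SECONDS = 60

class InboundSmbFilter:
    """Hypothetical model of two independent checks on inbound SMB traffic."""

    def __init__(self, blacklist):
        self.blacklist = set(blacklist)
        self.failures = defaultdict(deque)  # source IP -> failure timestamps
        self.blocked = set()                # sources blocked for brute force

    def on_connect(self, src_ip):
        # Runs before session setup, so no username has been sent yet.
        if src_ip in self.blacklist:
            return "blocked: blacklisted IP"
        if src_ip in self.blocked:
            return "blocked: brute force"
        return "allowed"

    def on_login(self, src_ip, success, ts):
        # Only reached for connections that on_connect() allowed.
        if success:
            return "allowed"
        window = self.failures[src_ip]
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:  # drop failures outside the window
            window.popleft()
        if len(window) >= MAX_FAILURES:
            self.blocked.add(src_ip)
            return "blocked: brute force"
        return "failed login"

def replay(events, blacklist):
    """Replay (ts, src_ip, username, success); return (ip, username seen, verdict)."""
    flt, log = InboundSmbFilter(blacklist), []
    for ts, ip, user, ok in events:
        verdict, seen_user = flt.on_connect(ip), None
        if verdict == "allowed":
            seen_user = user  # a username is only visible once connected
            verdict = flt.on_login(ip, ok, ts)
        log.append((ip, seen_user, verdict))
    return log

# Constructed sample traffic using documentation address ranges.
BLACKLIST = {"203.0.113.9"}
EVENTS = [(t, "198.51.100.7", "admin", False) for t in range(0, 60, 10)]
EVENTS.append((60, "203.0.113.9", "root", False))
```
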