Ali Akkawi, posted July 24:
I noticed several brute force attacks from different sources for several days.
Marcos (Administrators), posted July 24:
It's typical of servers or machines that are directly accessible from the Internet. Isn't that the case?
Ali Akkawi (Author), posted July 24:
Yes.
Marcos (Administrators), posted July 24:
So... In order to prevent the malicious communication from reaching the server where ESET detects it, blocks it and logs it, put a firewall before the server and filter the communication there depending on what services run on the server and must be accessible from the Internet.
Ali Akkawi (Author), posted July 24:
OK for the firewall. But can such a situation be considered an attack, since some of the source IP addresses were blacklisted by ESET, as shown in the figure?
Marcos (Administrators), posted July 24:
Of course, computers directly accessible from the Internet are continually being attacked. If the communication cannot be restricted on a firewall, e.g. because the server works as a web or mail server, it should always be kept up to date and protected against exploitation. Still, you could use a firewall and restrict communication to desired ports or remote IP addresses or subnets, e.g. when it comes to RDP communication from outside.
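One way to apply the RDP restriction described in the post above, as an added example that is not part of the original thread or ESET's own guidance. It assumes a Windows server using the built-in Windows Defender Firewall and the default RDP port; the source addresses are constructed placeholders from documentation ranges.

```powershell
# Added example: audit inbound RDP rules and scope them to known sources.
# Run in an elevated PowerShell session on the server.

# Constructed placeholders (documentation ranges); replace with your own.
$AllowedSources = @('203.0.113.0/24', '198.51.100.10')
$RdpPort        = '3389'    # assumption: RDP listens on its default port
$Apply          = $false    # $false = preview only (-WhatIf), $true = change rules

# Enabled inbound allow rules that explicitly name the RDP port over TCP.
# Rules with LocalPort 'Any' or a port range are not matched and not touched.
$rdpRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and ($pf.LocalPort -contains $RdpPort)
    }

foreach ($rule in $rdpRules) {
    $af = $rule | Get-NetFirewallAddressFilter

    # Report the current scope of every matching rule.
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $af.RemoteAddress -join ','
    }

    # Only rules open to any remote address need narrowing.
    if ($af.RemoteAddress -contains 'Any') {
        Set-NetFirewallRule -Name $rule.Name `
            -RemoteAddress $AllowedSources `
            -WhatIf:(-not $Apply)
    }
}
```

Review the preview output first, and confirm your own management address is inside `$AllowedSources` before setting `$Apply` to `$true`, otherwise the change can cut off your own RDP session.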
Ali Akkawi (Author), posted July 24:
How can I know the username that attempted the attack?
Marcos (Administrators), posted July 24:
Why username? There's not any. You see the remote IP in the logs.
Ali Akkawi (Author), posted July 24:
I know, but in some cases the username will give me some indication of who could initiate such an attempt.
Marcos (Administrators), posted July 24, marked as Solution:
A username can be sent only after establishing a connection, which doesn't happen if it's blocked due to a blacklisted IP address. However, the brute-force attack detection blocks communication if several wrong login attempts have been attempted.