Ban, slowdown or stop massive login attempts to RDP

windows-server-2008-r2

Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.

One of the servers are being hit by a dictionary attack. I have all the standard security in place (renamed Administrator, etc.) but want to know is there a way to limit or ban the attack.

Edit: The server is remote only. I need RDP to access it.


Block RDP at the firewall. I don't know why so many people allow this. If you need to RDP to your server, setup a VPN.


Change the port and virtually all attacks will stop.

Attacks are usually not directed to you specifically but to all IPs. So they won't try non-default ports because it's simply not worth it; trying the next IP has chances orders of magnitude greater than trying the next port.

Related

Linux server out of space
Reverse DNS - how to correctly configure for SMTP delivery
what is exactly an URE?
Can windows domain controller be virtualized?
How do I know if I am running 32 or 64-bit Linux?
Clarification of why DNS zone files require NS records
Why does Heroku warn against "naked" domain names?
How do you setup ssh to authenticate using keys instead of a username / password?
Smoothest workflow to handle SSH host verification errors?
OpenVPN not default gateway for all traffic
Why drop caches in Linux?
Load balancing & NAT-ing multiple ISP connections on Linux