Block clients from accessing domain controllers

's Computer Specifications

I am looking for a quick and dirty way to block identified clients both
inside and outside the domain from making logon attempts to the domain
controller. We have had some internal problems with variant of the Gaobot
virus which try feverishly to use its list of username and passwords against
the domain controller. We have seen upwards of 200000 failed logon attempts
in 15 minutes. This is causing a type of denial of service situation where
the domain controllers at out main site are getting loaded so much that
logon requests are being sent to DC's at different AD sites across slower
links. Any thoughts would be helpful.

Rob McShinsky

's Computer Specifications

>-----Original Message-----
>I am looking for a quick and dirty way to block
identified clients both
>inside and outside the domain from making logon attempts
to the domain
>controller. We have had some internal problems with
variant of the Gaobot
>virus which try feverishly to use its list of username
and passwords against
>the domain controller. We have seen upwards of 200000
failed logon attempts
>in 15 minutes. This is causing a type of denial of
service situation where
>the domain controllers at out main site are getting
loaded so much that
>logon requests are being sent to DC's at different AD
sites across slower
>links. Any thoughts would be helpful.
>
>Rob McShinsky
>
>
>.
>Close port 88? Disable or stop the authentication
service.

's Computer Specifications

A little too dirty. That would shutdown the other 5000 people who do not
have the virus on their machine.

"paisher" <(E-Mail Removed)> wrote in message
news:1761801c42169$45817050$(E-Mail Removed)...
>
>>-----Original Message-----
>>I am looking for a quick and dirty way to block
> identified clients both
>>inside and outside the domain from making logon attempts
> to the domain
>>controller. We have had some internal problems with
> variant of the Gaobot
>>virus which try feverishly to use its list of username
> and passwords against
>>the domain controller. We have seen upwards of 200000
> failed logon attempts
>>in 15 minutes. This is causing a type of denial of
> service situation where
>>the domain controllers at out main site are getting
> loaded so much that
>>logon requests are being sent to DC's at different AD
> sites across slower
>>links. Any thoughts would be helpful.
>>
>>Rob McShinsky
>>
>>
>>.
>>Close port 88? Disable or stop the authentication
> service.

Thread Tools
Show Printable Version Email this Page
Rate This Thread
Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Block clients from accessing domain controllers	Rob McShinsky	Microsoft Windows 2000	5	13th Apr 2004 08:39 PM
Block clients from accessing domain controllers	Rob McShinsky	Microsoft Windows 2000 Active Directory	2	13th Apr 2004 03:24 PM
Clients registering as Domain Controllers in DNS	=?Utf-8?B?SmF5bXo=?=	Microsoft Windows 2000 Networking	0	6th Oct 2003 08:46 PM
Accessing Domain controllers through Firewall	Nasser Hosseini	Microsoft Windows 2000 Security	1	21st Jul 2003 03:31 PM
Accessing Domain controllers through Firewall	Nasser Hosseini	Microsoft Windows 2000 Networking	1	21st Jul 2003 03:31 PM