stop hacker keep trying to login with FTP

[Isabella]

I find the records in event eviewer that someone keep trying to login (FTP)
my Win2K with bad password. What should I do?

Isabella

 

[João Forte]

You can't stop them from trying, what you can do is prevent them from brute
forcing... to you have a attempts to login limit ? like 3 or so..

If you don't limit failed login attemps, they'll brute force your passwords.
If you have this limit set, i don't see how you can stop them from trying

(assuming, you're running a FTP server, and you want ppl with right to
access it)

 

[Steven L Umbach]

You could also configure your firewall to block his ip address, though it may change
time to time if he has dynamic address from his ISP. Also if he is using a
legitimate user name then you may need to check your firewall to be sure that
netbios/file and print sharing ports are closed to the internet. You could also
rename administrator account for extra security measure.--- Steve

http://scan.sygatetech.com/ -- Scan your firewall here.

 

[Isabella]

Yes, it is good idea. But is there anyway to find his ip address?

 

[Isabella]

But it will disable the account and the real user will not be able to login.

 

[Steven L Umbach]

You would have to look in your firewall log for ip traffic that matches the
time on the failed logon attempts assuming they are pretty much synched for
time. -- Steve

 

[Isabella]

I don't have a firewall. I just use IPSec. Is IPSec or Win2K server also has
record the IP traffic?

 

[Steven Umbach]

Unfortunately no. That is one of the limitations of ipsec, but to be fair it was
not designed to be an internet firewall. --- Steve