Firewall settings to block login attempts

Someone (more likely, ones!) has been trying to guess account names and passwords on my Windows 2000 server. I can't tell how they're trying--all I see are repeated "Unknown user name or bad password" messages in the Event Log. Although the log shows a workstation name for each attempt, I don't recognize any of the names. The IIS logs (HTTP and FTP) don't show anything related to these attempts.

I have the system configured to log failed login attempts, and to temporarily disable accounts that have had repeated failed login attempts.

The only legitimate access should be through Terminal Services and IIS (HTTP, SMTP, and FTP). The server uses SQL Server, but all access should be through either ASP code or Microsoft-provided tools via Terminal Services.

I'm installing a firewall (OK, I should have done this a while ago!), and am planning on disabling all but the following:

Protocol: Port
DNS: 53, UDP/TCP
FTP: 21
HTTP: 80, UDP/TCP
HTTPS: 443, UDP/TCP
MS SQL: 1433
SMTP: 25
SSH: 22
Terminal Services/RDP: 3389

Will disabling all but the above be what I want?

There are no other workstations in my domain. Should I disable DNS?

Thank you in advance for your help!

Jeri
jerimorris2000@yahoo.com
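
An added example, not part of the original post: a short Python check that compares a server's listening sockets with the port list planned above, so the effect of the firewall rules can be seen before they are applied. The `netstat -an` sample is constructed, TCP is assumed where the post names no transport, and `parse_listeners` and `audit` are illustrative names.

```python
# Port list planned in the post; TCP is assumed where the post names no transport.
ALLOWED = {
    ("tcp", 53), ("udp", 53), ("tcp", 21),        # DNS, FTP
    ("tcp", 80), ("udp", 80),                     # HTTP
    ("tcp", 443), ("udp", 443),                   # HTTPS
    ("tcp", 1433), ("tcp", 25), ("tcp", 22),      # MS SQL, SMTP, SSH
    ("tcp", 3389),                                # Terminal Services/RDP
}

# Constructed sample of `netstat -an` output (not from the poster's server).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3389        198.51.100.7:1045      ESTABLISHED
  UDP    0.0.0.0:1434           *:*
  UDP    192.0.2.10:137         *:*
"""

def parse_listeners(text):
    """Return {(proto, port)} for TCP listeners and bound UDP sockets."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue  # an active connection, not a listening socket
        port = fields[1].rpartition(":")[2]
        if port.isdigit():
            found.add((fields[0].lower(), int(port)))
    return found

def audit(text, allowed=ALLOWED):
    """Return (listening but not allowed, allowed but nothing listening)."""
    listeners = parse_listeners(text)
    return sorted(listeners - allowed), sorted(allowed - listeners)

if __name__ == "__main__":
    exposed, unused = audit(SAMPLE_NETSTAT)
    print("listening but not on the allowlist:", exposed)
    print("allowed but nothing listening:", unused)
```

The first list shows services the planned rules would cut off from outside; the second shows allowlist entries with no service behind them in this sample, which are candidates to drop from the plan.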