Identifying possible Hack attack on Win2000

Hello,

For the second day in a row my WIN2000 Server system log file is full of warnings like this:
--------------------
MSFTPSVC
The server was unable to logon the Windows NT account 'blablabla' due to the following error: Logon failure: unknown user name or bad password. The data is the error code.
---------------------
Apperantly someone trying to log in to the FTP. Due to the accounts that they are trying I suspect this is the work of a hacker.
What measures could I take? Any hints or tips?
I just enabled the FTP log of IIS to gather more info.
Could you recommend software that could be usefull in situations like this. For example That help identify problems.
Do you know of a way to make it inpossbile to try to log in more that 100 times a day to an account?

Any hints, thoughts or links to usefull resources on this issue are more then welcome.


Rob Siera

 

 

 

 

Top