Dear all, Sorry if this already been answered. I spent an hour on the forum to search, but didn't find something useful. The question, I believe many already asked, is: when you left your Windows Server 2008 on the Internet, serving IIS, FTP, Remote Desktop, etc., you'll see lots of attack (i.e. trying to login with Brute Force). Although I could get these IP address from Security log, and then add it into Firewall block list, it's manual work. How about something magic that detect this and auto block this IP on everything for, say 5 mins? Best regards, dong

Hi, Stopping brute force attacks automatically isn't the job of a web server, or any server for that matter. Some smart IDS and expensive firewall have this feature I think.

That's something I didn't realize. So in fact Windows Firewall with Advanced Features should be discontinued and leave that function to some 3rd party companies. Apparently protection from Internet attack is not in the interest for Windows Server 2008/R2?! Tech-wise, how difficult this can be? If I can check Security Log and identify bad IPs and add to block list, why the system can't do this for me? Someone from MS to confirm this? Best, dong

Hi Dong, Thank you for your post. By providing host-based, two-way network traffic filtering for a computer, Windows Firewall with Advanced Security blocks unauthorized network traffic flowing into or out of the local computer. By using the Software Configuration Wizard (SCW), you can create firewall rules to allow this computer to send traffic to or receive traffic from programs, system services, computers, or users. Firewall rules can be created to take one of three actions for all connections that match the rule's criteria: allow the connection, only allow a connection that is secured through the use of Internet Protocol security (IPsec), or explicitly block the connection. The firewall rules should be created manually, and it could not be created by Windows Firewall itself. For more information about Windows Firewall: http://technet.microsoft.com/en-us/network/bb545423.aspx Best Regards, James

I managed to write a powershell script for this, to ACTIVELY protect my ports. :) Anyone interested to see it? Best, dong

it should be a useful script. can you share it? thanks

Please do Xied! I have been looking for such a thing a long time..

Dear everyone, I finally got time to finish a blog on this, please check the code there. http://sqlblogcasts.com/blogs/dong/archive/2012/03/06/auto-blocking-attacking-ip-address.aspx Best, dong