Windows Terminal Services (sometimes they can be)

home | blog | Terrible people and places | Covid-19 links | Teh Internet | guest blog |rants | placeholder | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts

Ever wonder how to block the attacks that seem to be more frequent from the script kiddies against Terminal Services on Windows Server (2003, or 2008, or 2008R2)?

So have I.
Since you no longer have the ability to log the offending IP (as could be done in Windows Server 2000), you are stuck in later versions of Windows.

Thankfully, super sysadmin Evan Anderson has figured it out so you and I don't have to!
Here is his solution: ts_block
Nice bit of coding there. Can't wait to try it out (or steal the bits I need to kludge up my own solution).
I appreciate the sharing in either case.