Hi.
I have a 2008 R2 (stand-alone) server / SP 1 and automatic updates turned on. In the security log, I find several (failed) logon attempts like this one:
type: 3
accountname/Domain: some invalid ones
source-port and ip are given
process: ntlmssp
package: NTLM
So it appears someone is trying to log into that machine. However, as far as I know, login via RDP is limited to only some IP addresses (none of which are those from the source address). The rule for the logon service (NP incoming) is not activated (and thus I thought no other logon methods would be available, because the firewall would drop all other incoming connection attempts).
Obviously, I'm missing something: how do I make the firewall drop all remote logon attempts apart from those RDP ones from known IP addresses?
WM_THX
-thomas