
iis security : login attempts


pat
11/7/2003 7:26:12 AM
I have servers in my DMZ that show people attempting to
log on, guessing the user accounts and passwords. They are
getting denied, but I wanted to know if there is any way to
prevent them from even attempting to access the server.

Also, I have one server where they are trying local
accounts, and I wanted to know how they were able to get the
list of users to try to break in. Is there an exploit I
have that allowed them to access the local SAM that I
need to fix??

David Wang [Msft]
11/7/2003 10:02:07 PM
Do you have a firewall in front of these servers in your DMZ? Because
depending on the Windows OS version, SMB will reveal a whole lot about the
machine's local accounts like names.

As for denying people who are guessing user accounts/passwords -- how do you
plan on identifying these entities??? All information they give you is
completely forgeable (including IP), so if you can't even identify them, how
can you deny them access? There are various "approximations", but none can
work 100%.

What you can do is slow them down by setting password policies -- i.e. allow
them opportunity to only guess three passwords per user per day -- to the
point that brute-force isn't going to work -- but you have to balance that
with any potential DoS they can launch against a user by simply failing
to login over the limit.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
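
The trade-off described in the reply above, as an added example that is not part of the original thread: a simplified replay of logon attempts under a "three bad passwords per account per day" limit, showing both how few guesses get evaluated and how the same limit locks out the legitimate owner. The event records, account names, addresses and the `simulate_lockout` function are constructed for illustration, and the model is an assumption, not Windows' exact lockout algorithm.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (time, account, source address, password correct?)
EVENTS = [
    ("2003-11-07 07:00:01", "administrator", "192.0.2.10", False),
    ("2003-11-07 07:00:02", "administrator", "198.51.100.7", False),
    ("2003-11-07 07:00:03", "administrator", "203.0.113.44", False),
    ("2003-11-07 07:00:04", "administrator", "192.0.2.10", False),
    ("2003-11-07 07:00:05", "administrator", "198.51.100.23", False),
    ("2003-11-07 07:30:00", "webadmin", "192.0.2.10", False),
    ("2003-11-07 07:31:00", "webadmin", "10.0.0.5", True),
    ("2003-11-07 09:15:00", "administrator", "10.0.0.5", True),
    ("2003-11-08 07:00:06", "administrator", "203.0.113.44", False),
]


def simulate_lockout(events, threshold=3, window=timedelta(days=1)):
    """Replay logon attempts under a per-account failure limit.

    The source address is deliberately ignored: the limit is keyed on the
    account, because the address is supplied by the client.
    """
    failures = defaultdict(list)  # account -> times of counted bad passwords
    report = {}
    for ts, account, _source, correct in sorted(events):
        now = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        stats = report.setdefault(
            account, {"guesses_checked": 0, "guesses_blocked": 0, "owner_denied": 0})
        # Only failures inside the window count toward the limit.
        failures[account] = [t for t in failures[account] if now - t < window]
        if len(failures[account]) >= threshold:
            # Locked: the password is not evaluated, even when it is correct.
            stats["owner_denied" if correct else "guesses_blocked"] += 1
        elif correct:
            failures[account] = []  # assumption: a good logon resets the count
        else:
            failures[account].append(now)
            stats["guesses_checked"] += 1
    return report


if __name__ == "__main__":
    for account, stats in simulate_lockout(EVENTS).items():
        print(account, stats)
```

In the sample, `administrator` has three guesses evaluated on the first day and one more once the window expires, while the owner's correct logon at 09:15 is refused because the account is already locked.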