I had my server under 2 firewalls. One from my router and one from my windows server. Only VPN port was acccessible. Recently I was getting failed login attempts daily with changing usernames from svchost.exe. I thought it was just a scheduled task failing to execute as it had no IP details. IAS is not set up but it says process id is IAS. Digging deep for analysis, I found failed login attempts from an IP which is marked malicious on multiple websites. Its location is russia, and is surely a bruteforce attack. I want to know which port is being used and how requests are being sent as only local ip adresses are allowed to connect to server. No port is given.
Asked
Active
Viewed 49 times
