Firewall – how to protect a Windows Server 2008 from port scanning

firewall, port-scanning, windows-server-2008

I am searching for a program, or a way, to block IPs that port scan the server.

The goal is to hide some ports, like Remote Desktop, on a different port. Some people then search for the port with port scanning to locate it and start the attacks.

The server is running Windows Server 2008 64-bit, and it's a remotely administered server with IIS and mail services mostly.

In previous versions of Windows Server (e.g. on 2003) I used the Comodo firewall, which has this ability, but on 2008 Comodo just does not work, and I am searching for something else but still have not found anything.

Can you please give me some ideas/solutions?
Thank you in advance.

Best Answer

I'd really want a hardware firewall in front of this server if it's exposed to the Internet.

Also, use IP restrictions in whatever firewall you end up using to only permit RDP access from certain hosts/IP ranges. This will eliminate your typical, random port scanning.

EDIT

If you can't restrict access by IP address/range, have a look at Snort, an Intrusion Detection/Prevention System, that's free/open source and runs on Windows*.

*Have not used it on Windows 2008 64-bit, but can confirm it does work on win32.
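As an added example (not part of the original question or answer): a sketch of the detection the question asks for, flagging sources that the Windows Firewall dropped on many distinct ports within a short time and producing a `netsh advfirewall` block rule for each. It assumes dropped-packet logging is enabled in Windows Firewall; the function names, the 5-port/60-second threshold and the sample log lines are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the Windows Firewall log (pfirewall.log) layout;
# all addresses are documentation ranges, not real traffic.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-10 03:14:01 DROP TCP 203.0.113.7 192.0.2.10 40112 21 60 S 0 0 8192 - - - RECEIVE
2024-01-10 03:14:01 DROP TCP 203.0.113.7 192.0.2.10 40113 22 60 S 0 0 8192 - - - RECEIVE
2024-01-10 03:14:02 DROP TCP 203.0.113.7 192.0.2.10 40114 23 60 S 0 0 8192 - - - RECEIVE
2024-01-10 03:14:02 DROP TCP 203.0.113.7 192.0.2.10 40115 3390 60 S 0 0 8192 - - - RECEIVE
2024-01-10 03:14:03 DROP TCP 203.0.113.7 192.0.2.10 40116 8080 60 S 0 0 8192 - - - RECEIVE
2024-01-10 03:15:10 ALLOW TCP 198.51.100.5 192.0.2.10 51000 80 0 - 0 0 0 - - - RECEIVE
2024-01-10 03:16:00 DROP TCP 198.51.100.23 192.0.2.10 52001 445 60 S 0 0 8192 - - - RECEIVE
2024-01-10 03:16:05 DROP TCP 198.51.100.23 192.0.2.10 52002 445 60 S 0 0 8192 - - - RECEIVE
"""

def find_scanners(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Return {src_ip: ports} for sources dropped on >= min_ports ports in window."""
    fields, drops = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("action") != "DROP" or rec.get("path", "RECEIVE") != "RECEIVE":
            continue
        if not rec.get("dst-port", "").isdigit():  # ICMP rows carry "-"
            continue
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        drops[rec["src-ip"]].append((ts, int(rec["dst-port"])))
    scanners = {}
    for ip, hits in drops.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide window forward
                start += 1
            ports = {port for _, port in hits[start:end + 1]}
            if len(ports) >= min_ports:
                scanners[ip] = sorted(ports)
                break
    return scanners

def block_rule(ip):
    """Windows Firewall command that drops all inbound traffic from ip."""
    return ('netsh advfirewall firewall add rule name="Block scanner %s" '
            'dir=in action=block remoteip=%s' % (ip, ip))
```

Call `find_scanners()` on the log text and pass each returned address to `block_rule()`. Review matches before applying the rules, since SYN packets can carry spoofed source addresses and an automatic block could lock out a legitimate host.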