Block clients from accessing domain controllers

[Rob McShinsky]

I am looking for a quick and dirty way to block identified clients both
inside and outside the domain from making logon attempts to the domain
controller. We have had some internal problems with variant of the Gaobot
virus which try feverishly to use its list of username and passwords against
the domain controller. We have seen upwards of 200000 failed logon attempts
in 15 minutes. This is causing a type of denial of service situation where
the domain controllers at out main site are getting loaded so much that
logon requests are being sent to DC's at different AD sites across slower
links. Any thoughts would be helpful.

Rob McShinsky

 

[paisher]

-----Original Message-----
I am looking for a quick and dirty way to block identified clients both
inside and outside the domain from making logon attempts to the domain
controller. We have had some internal problems with variant of the Gaobot
virus which try feverishly to use its list of username and passwords against
the domain controller. We have seen upwards of 200000 failed logon attempts
in 15 minutes. This is causing a type of denial of service situation where
the domain controllers at out main site are getting loaded so much that
logon requests are being sent to DC's at different AD sites across slower
links. Any thoughts would be helpful.

Rob McShinsky


.
Close port 88? Disable or stop the authentication

service.

 

[Rob McShinsky]

A little too dirty. That would shutdown the other 5000 people who do not
have the virus on their machine.