easiest way to monitor ports for error 4625 NTLM attacks on Windows Server [on hold]

Published: 4/10/2017
easiest way to monitor ports for error 4625 NTLM attacks on Windows Server [on hold]
Source: SECURITY.STACKEXCHANGE.COM

I'm getting thousands of hack attacks on a Windows server resulting in Security log error 4625 entries. Hackers are using random IPs, so the usual RDPguard, Syspeace, etc. tools don't work. Port 3389 is closed on the server, so I'm surprised at the continued attacks. I'd like to figure out what local ports the attackers are connecting to for their attempts, but all the automated tools I've fo

Read more
Related news
Comment