I manage several servers, recently, I’ve noticed that 3 or 4 of these servers are logging hundreds of failed login attempts via multiple ports that aren’t even open in the router. All of the servers are Server 2003 systems and the failed logins are utilizing usernames that indicate that this is an active attempt to hack the server, e.g. admin, administrator, pos, sales, manager…etc. Has anyone been experiencing this? Most of the servers are behind an older Linksys router, but, one of them is behind a Cisco ASA 5500; any ideas?
