Suggestion for improvement on security

 

I could not find the info below, if it does exists please reply with the location within your logs.

 

 

When someone attemps to login via remote desktop, Norton logs the ip address of the connection attempting to login regardles if it connects or not. This will enable me and others to block addresses from malicious connections, preventing these types of problems.

 

MS Event log Message:

 

The terminal server received large number of incomplete connections. The system may be under attack.

 

thanks