I have put an IPSec filter in place on my servers that blocks access to RDP (port 3389) from outside our local subnet. The filter is pushed out in a GPO which makes it easy to modify and add or remove services to be blocked. In order to access the servers from home, I am running RRAS on one server to allow VPN connections to the local subnet. Of course, this solution may not be flexible enough if you are running TS in app mode, and it does not prevent attacks from the local subnet. Doug ---- University Services Michigan State University [log in to unmask] Voice: 517/355-0357 x163 Fax: 517/353-2024 >>> [log in to unmask] 06/04/02 12:22PM >>> hi, I saw a message on the UNISOG mailing list about a security "tool" being developed that would brute force attack terminal services. I've been using terminal services for remote access to my servers, so this concerned me. Basically it grinds through, testing passwords on the administrator account (which apparently canned be locked out for too many bad password attempts). Unless you watch your log files closely, you might never notice. <snip>