09-20-2021 05:50 AM
Over the past several months, I've noticed a lot of login attempts from foreign IP addresses trying to log into my Exchange server. The server is fully patched, but I would like to block these IPs at the firewall so that they simply can't try the login attempt.
I thought I had the correct Extended ACL created, but I can still see the IPs hitting my Exchange server log. Below are the ACLs I have; any suggestions are welcome.
access-list External-Verizon_access_in_1 extended permit tcp any object MAIL-SERVER eq smtp
access-list External-Verizon_access_in_1 extended permit tcp any object MAIL-SERVER eq pop3
access-list External-Verizon_access_in_1 extended permit tcp any object MAIL-SERVER eq 995
access-list External-Verizon_access_in_1 extended permit tcp any object MAIL-SERVER eq 587
access-list External-Verizon_access_in_1 extended permit tcp any object MAIL-SERVER eq 465
access-list External-Verizon_access_in_1 extended permit tcp any object MAIL-SERVER eq 993
access-list External-Verizon_access_in_1 extended permit tcp any object MAIL-SERVER eq https
access-list External-Verizon_access_in_1 extended permit tcp any object MAIL-SERVER eq www
access-list External-Verizon_access_in_1 extended deny tcp any object MAIL-SERVER eq ftp
access-list External-Verizon_access_in_1 extended permit tcp any object MAIL-SERVER eq smtp
access-list External-Verizon_access_in_1 extended permit tcp any object MAIL-SERVER eq www
access-list External-Verizon_access_in_1 extended permit tcp any object MAIL-SERVER eq https
access-list External-Verizon_access_in_1 extended deny icmp any any
access-list External-Verizon_access_in_1 extended deny tcp any any eq 3389 log
access-list External-Verizon_access_in_1 extended deny ip any any log
access-list BLOCK-IP-RANGES extended deny ip 207.180.212.0 255.255.255.0 any log
access-list BLOCK-IP-RANGES extended deny ip 87.246.7.0 255.255.255.0 any log
access-list BLOCK-IP-RANGES extended deny ip 5.188.206.0 255.255.255.0 any log
As you can see, I'm trying to block the entire 5.188.206.0/24 subnet, but it doesn't appear to be working.
Thoughts?
Accepted Solutions
09-20-2021 05:55 AM
You can only attach one ACL to an interface in the same direction. Since your ACL "External-Verizon_access_in_1" is the one currently attached inbound on your outside interface, you'll need to add those IP networks to block in that ACL.
access-list External-Verizon_access_in_1 extended deny ip 207.180.212.0 255.255.255.0 any log
access-list External-Verizon_access_in_1 extended deny ip 87.246.7.0 255.255.255.0 any log
access-list External-Verizon_access_in_1 extended deny ip 5.188.206.0 255.255.255.0 any log
These rules will obviously need to be above the existing rules.
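A worked version of that fix, added here as an example and not part of the reply above: it collects the blocked networks in an object-group, inserts a single deny at line 1 of the ACL that is already bound inbound (the interface name "outside" and the mail server's address placeholder are assumptions), and uses packet-tracer and hit counts to confirm the deny matches before any permit does.

```cisco
! Group the offending source networks so the ACL carries one line instead of three
object-group network BLOCKED-SOURCES
 network-object 207.180.212.0 255.255.255.0
 network-object 87.246.7.0 255.255.255.0
 network-object 5.188.206.0 255.255.255.0
!
! "line 1" puts the deny ahead of the existing permits. ASA ACLs are first-match,
! so a deny appended after "permit tcp any object MAIL-SERVER eq https" never fires.
access-list External-Verizon_access_in_1 line 1 extended deny ip object-group BLOCKED-SOURCES any log
!
! A separate ACL such as BLOCK-IP-RANGES only takes effect if it is the one bound
! to the interface, and only one ACL can be bound per interface per direction.
! (interface name "outside" is assumed)
access-group External-Verizon_access_in_1 in interface outside
!
! Verify: the hit count on the new line 1 should climb for those sources while
! the permit lines below stop seeing them
clear access-list External-Verizon_access_in_1 counters
show access-list External-Verizon_access_in_1
!
! Simulate one attempt from the blocked range. <MAIL-SERVER-IP> is a placeholder
! for the address in the MAIL-SERVER object; the expected result is a drop in the
! ACCESS-LIST phase.
packet-tracer input outside tcp 5.188.206.10 40000 <MAIL-SERVER-IP> 443
```

The log keyword on the deny line produces a syslog per matching flow, so the blocked attempts remain visible in the firewall log even though they no longer reach Exchange.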
09-20-2021 06:53 AM
I was afraid of this. Thanks Rob!
09-20-2021 06:59 AM
Rob,
So what is the point of the Extended Access List then, or is this a limitation/feature of the ASA?
