Does fail2ban do Windows?


Can anyone recommend a fail2ban-like tool for a Windows OS? I’ve got a couple of Windows Media servers that get hammered with brute force authentication attempts. I would like to plug these authentication failures into some kind of blocking tool.

I know of no tool that will do this “out of the box”. I wrote a script to do something like this with failed OpenSSH logons on Windows, but I can’t share it with you because it “belongs” to the Customer for whom I wrote it.

Having said that, it was a simple VBScript program that had an event log sink to watch for new failed logons and, if enough happened in a time window, add an IP route (using the “route” command) to route traffic to the offending IP address to a “MS Loopback Adapter” on the system.

For other types of logs, it would be a fairly trivial matter to write. Since I didn’t have iptables on Windows, the loopback adapter seemed like the next best thing. (You can’t do a “route x.x.x.x mask 255.255.255.255 127.0.0.1” on Windows; you need an adapter to route the traffic to, because the 127.0.0.1 loopback isn’t a “real” interface on Windows.)

(If you want something like this written, contact me out-of-band and we can discuss the specifics of such an arrangement.)

Edit:

I decided to write something to do this and I’ve released it under a Free license.

Check out this project – ts_block

I’m using it and thus far it’s terrific (Windows Server 2008 R2 RDS, system is behind a firewall but I didn’t feel like using an SSL VPN gateway to the server).

wail2ban claims to be a Windows port of fail2ban

I found a tool called RdpGuard (https://rdpguard.com) that starts at $79 and appears like it might work. I haven’t tested it yet, but might give it a go for my SMTP solution.
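The logic described in the first answer (count failed logons per source address inside a time window, then route the offender to the loopback adapter), as an added Python example that is not the answerer's VBScript or ts_block code. The threshold, window, allowlist and adapter address are assumptions, the events are constructed, and the `route` commands are only printed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import IPv4Address

# Assumed values, not from the original post.
MAX_FAILURES = 5                          # failures that trigger a block
WINDOW = timedelta(minutes=2)             # sliding time window
LOOPBACK_ADAPTER_IP = "10.255.255.1"      # placeholder: address bound to the MS Loopback Adapter
ALLOWLIST = {IPv4Address("192.0.2.10")}   # hosts that must never be blocked (e.g. admin workstation)

def sample_events():
    """Constructed (timestamp, source address) pairs standing in for failed-logon events."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    burst = [(t0 + timedelta(seconds=10 * i), "203.0.113.7") for i in range(5)]
    slow = [(t0 + timedelta(seconds=60 * i), "198.51.100.23") for i in range(5)]
    admin = [(t0 + timedelta(seconds=i), "192.0.2.10") for i in range(6)]
    junk = [(t0, "not-an-ip"), (t0, "127.0.0.1")]
    return burst + slow + admin + junk

def find_offenders(events, max_failures=MAX_FAILURES, window=WINDOW, allowlist=ALLOWLIST):
    """Return addresses, in detection order, with max_failures failures inside window."""
    recent = defaultdict(deque)   # address -> timestamps still inside the window
    offenders = []
    for ts, raw in sorted(events):
        try:
            ip = IPv4Address(raw)   # the route/mask form below is IPv4 only
        except ValueError:
            continue                # malformed field: never build a command from it
        if ip in allowlist or ip.is_loopback or ip in offenders:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            offenders.append(ip)
    return offenders

def route_command(ip, gateway=LOOPBACK_ADAPTER_IP):
    """Host route that sends replies to the offender into the loopback adapter."""
    return f"route add {ip} mask 255.255.255.255 {gateway}"

if __name__ == "__main__":
    for ip in find_offenders(sample_events()):
        print(route_command(ip))   # printed only; run it yourself after review
```

The allowlist and the address validation matter as much as the counter: without them a spoofed or malformed source field in a log entry could lock out an administrator or end up inside a command line.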
