[Server 2008] Securing from Bruteforce attacks using IP Ban

What Is IP Ban?

IP Ban is a 3rd party application that has been developed in C# this application will work in a similar fashion to fail2ban (linux) in that it will ban IP addresses that fail to access RDP and MSSQL after a set threshold of attempts

 

Installation

 sc create IPBAN start= auto binPath= "C:\Windows\IPBan\ipban.exe" DisplayName= "IPBAN"

  • Start the service

 sc start IPBAN

 

Removing Bans

  • Go into Windows firewall rules (Start Menu -> Administrative Tools -> Windows Firewall with Advanced Security)
  • Expand Inbound Rules
  • Right-click rule "BlockIPAddresses" and click Properties.
  • Click on the Scope tab and you can view/remove all blocked IPs

 

Was this article helpful?
1 out of 2 found this helpful