fail to ban for Microsoft RDP servers?
-
Can someone recommend a package that works on Microsoft Server 2012 R2 servers that bans IPs if they try to RDP using certain account names, or fail multiple times in a certain time frame?
Some of the older tools don't work because the event log doesn't seem to keep track of IPs in server 2012.
-
In theory you can do it with a Linux-based firewall sitting in front of RDP. I know that there is one for RDP, just don't remember it off of the top of my head. But actual Fail2Ban can do it, but it takes a lot of complexity because it doesn't talk to RDP directly.
-
Found it...
-
I've heard of RDP Guard. I know it's compatible with 2012 R2 but have never used it. Site looks shady though.
-
What about actual Fail2Ban?
https://wqweto.wordpress.com/2013/12/10/how-to-use-fail2ban-with-terminal-servers-rdsh-farm/
I've not done this, but looks possible.
-
I put RdpGuard on a couple servers. In a matter of minutes I had 17 IPs banned.
-
@Mike-Davis said in fail to ban for Microsoft RDP servers?:
I put RdpGuard on a couple servers. In a matter of minutes I had 17 IPs banned.
Nice, glad to hear that that is working out! Sounds like good feedback so far.
-
@Mike-Davis said in fail to ban for Microsoft RDP servers?:
I put RdpGuard on a couple servers. In a matter of minutes I had 17 IPs banned.
Here's another possibility
http://serverfault.com/questions/43360/cygwin-sshd-autoblock-failed-logins/43900#43900
-
Scott, how far apart did we post? Seconds? I guess technically a minute. FML
-
@wirestyle22 said in fail to ban for Microsoft RDP servers?:
Scott, how far apart did we post? Seconds? I guess technically a minute. FML
Oh, I thought that you were responding to what I had posted
-
@scottalanmiller Nope. Actual recommendation
-
@wirestyle22 said in fail to ban for Microsoft RDP servers?:
@scottalanmiller Nope. Actual recommendation
Ha ha. That's funny. Well it is what got deployed so that worked.
-
@scottalanmiller said in fail to ban for Microsoft RDP servers?:
@wirestyle22 said in fail to ban for Microsoft RDP servers?:
@scottalanmiller Nope. Actual recommendation
Ha ha. That's funny. Well it is what got deployed so that worked.
I'm just glad I recommended the correct solution tbh lol
-
We had a thread here about a year ago about some Fail2Ban style service for Windows servers. Not able to search for it at the moment.