ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    fail to ban for Microsoft RDP servers?

    IT Discussion
    6
    14
    1.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Mike Davis
      last edited by Mike Davis

      Can someone recommend a package that works on Microsoft Server 2012 R2 servers that bans IPs if they try to RDP using certain account names, or fail multiple times in a certain time frame?

      Some of the older tools don't work because the event log doesn't seem to keep track of IPs in server 2012.

      1 Reply Last reply Reply Quote 1
      • S
        scottalanmiller
        last edited by

        In theory you can do it with a Linux-based firewall sitting in front of RDP. I know that there is one for RDP, just don't remember it off of the top of my head. But actual Fail2Ban can do it, but it takes a lot of complexity because it doesn't talk to RDP directly.

        1 Reply Last reply Reply Quote 0
        • S
          scottalanmiller
          last edited by scottalanmiller

          Found it...

          RDPGuard

          RDPBuard Logo

          1 Reply Last reply Reply Quote 1
          • W
            wirestyle22
            last edited by

            I've heard of RDP Guard. I know it's compatible with 2012 R2 but have never used it. Site looks shady though.

            1 Reply Last reply Reply Quote 0
            • S
              StrongBad
              last edited by

              What about actual Fail2Ban?

              https://wqweto.wordpress.com/2013/12/10/how-to-use-fail2ban-with-terminal-servers-rdsh-farm/

              I've not done this, but looks possible.

              1 Reply Last reply Reply Quote 1
              • M
                Mike Davis
                last edited by

                I put RdpGuard on a couple servers. In a matter of minutes I had 17 IPs banned.

                S D 2 Replies Last reply Reply Quote 4
                • S
                  scottalanmiller @Mike Davis
                  last edited by

                  @Mike-Davis said in fail to ban for Microsoft RDP servers?:

                  I put RdpGuard on a couple servers. In a matter of minutes I had 17 IPs banned.

                  Nice, glad to hear that that is working out! Sounds like good feedback so far.

                  1 Reply Last reply Reply Quote 1
                  • D
                    Deleted74295 Banned @Mike Davis
                    last edited by

                    @Mike-Davis said in fail to ban for Microsoft RDP servers?:

                    I put RdpGuard on a couple servers. In a matter of minutes I had 17 IPs banned.

                    Here's another possibility
                    http://serverfault.com/questions/43360/cygwin-sshd-autoblock-failed-logins/43900#43900

                    1 Reply Last reply Reply Quote 0
                    • W
                      wirestyle22
                      last edited by wirestyle22

                      Scott how fat apart did we post? Seconds? I guess technically a minute. FML

                      S 1 Reply Last reply Reply Quote 0
                      • S
                        scottalanmiller @wirestyle22
                        last edited by

                        @wirestyle22 said in fail to ban for Microsoft RDP servers?:

                        Scott how fat apart did we post? Seconds? I guess technically a minute. FML

                        Oh, I thought that you were responding to what I had posted 🙂

                        W 1 Reply Last reply Reply Quote 0
                        • W
                          wirestyle22 @scottalanmiller
                          last edited by

                          @scottalanmiller Nope. Actual recommendation 😄

                          S 1 Reply Last reply Reply Quote 0
                          • S
                            scottalanmiller @wirestyle22
                            last edited by

                            @wirestyle22 said in fail to ban for Microsoft RDP servers?:

                            @scottalanmiller Nope. Actual recommendation 😄

                            Ha ha. That's funny. Well it is what got deployed so that worked.

                            W 1 Reply Last reply Reply Quote 0
                            • W
                              wirestyle22 @scottalanmiller
                              last edited by

                              @scottalanmiller said in fail to ban for Microsoft RDP servers?:

                              @wirestyle22 said in fail to ban for Microsoft RDP servers?:

                              @scottalanmiller Nope. Actual recommendation 😄

                              Ha ha. That's funny. Well it is what got deployed so that worked.

                              I'm just glad I recommended the correct solution tbh lol

                              1 Reply Last reply Reply Quote 0
                              • J
                                JaredBusch
                                last edited by

                                We had a thread here about a year ago about some Fail2Ban style service for Windows servers. Not able to search for it at the moment.

                                1 Reply Last reply Reply Quote 0
                                • 1 / 1
                                • First post
                                  Last post