WinFail2ban scans log files/event viewer and bans IP that makes too many password failures.
How does WinFail2Ban work?
A common method is brute force, attackers attempt combination’s of the accepted character set in order to find a specific combination that gains access to the authorized area.
It has three main steps:
1. Intrusion Attack
2. Analyze Log
3. Block Attacker
Every attack leave traces into log files. WinFail2Ban is able to parse many type of logs. Analyzing multiple log files could be heavily and time consuming, and moreover is difficult to correlate same attacker IP address on multiple sources
Features of WinFail2Ban:
1. FTP detection
2. IIS logs
3. Event viewer
4. Windows firewall logs
5. IP blacklisting
6. IP white listing
7. database support
Everyone who is struggling with system hack problems in LAN or WAN, WinFail2Ban will help you to stop these bruteforce attacks or help you monitor who is logging in system remotely and trying to change you application, etc.
Operating systems supported:
1. Windows 2000 Sp4 and above ( 32-bit )
WinFail2Ban is open source!
Download WinFail2Ban version 0.4here
Searches leading to this post:
WinFail2Ban,
project source code for host based attack
If you enjoyed this article, you might also like:
- August 30, 2010 -- UPDATE: Snorby Preconfigured Security Applications v1.5!
You can find our first post regarding Snorby here. Now, the Snorby Preconfigured Security Applicatio... - July 26, 2010 -- UPDATE: VASTO v0.2!
Our initial posting for VASTO can be found here. Now, the author has released an updated version VAS... - July 8, 2010 -- Deblaze: Enumerate FLEX Servers!
Automated web application security scanners are very good at automating web application penetration ... - July 1, 2010 -- TFTPTheft: A TFTP Security Scanning Tool!
This tool finds good use in a network that has lots of network devices with the TFTP port open. TF... - June 30, 2010 -- UPDATE: Cain & Abel v4.9.36!
Our previous post regarding Cain & Abel can be found here. Now, oxid.it has released an updated ... - June 11, 2010 -- UPDATE: Snorby Preconfigured Security Applications v1.4!
You can find our first post regarding Snorby here. Now, the Snorby Preconfigured Security Applicatio... - June 6, 2010 -- sectool : Tool for Security Audit Tool and IDS
sectool is often a security tool that will be applied each like a security audit along with a compon... - May 10, 2010 -- Snorby: A Snort Front End!
We all know the greatness of Snort - which has been mentioned many times previously - but, primaril... - April 27, 2010 -- UPDATE: Snort 2.8.6!
Our old post regarding Snort can be found here. Now, Snort has been updated to version 2.8.6!"Sn...
Tagged as: Bruteforce, host security for free, intrusion detection system, WinFail2Ban
You must log in to post a comment.