WinFail2ban scans log files/event viewer and bans IP that makes too many password failures.
How does WinFail2Ban work?
A common method is brute force, attackers attempt combination’s of the accepted character set in order to find a specific combination that gains access to the authorized area.
It has three main steps:
1. Intrusion Attack
2. Analyze Log
3. Block Attacker
Every attack leave traces into log files. WinFail2Ban is able to parse many type of logs. Analyzing multiple log files could be heavily and time consuming, and moreover is difficult to correlate same attacker IP address on multiple sources
Features of WinFail2Ban:
1. FTP detection
2. IIS logs
3. Event viewer
4. Windows firewall logs
5. IP blacklisting
6. IP white listing
7. database support
Everyone who is struggling with system hack problems in LAN or WAN, WinFail2Ban will help you to stop these bruteforce attacks or help you monitor who is logging in system remotely and trying to change you application, etc.
Operating systems supported:
1. Windows 2000 Sp4 and above ( 32-bit )
WinFail2Ban is open source!
Download WinFail2Ban version 0.4here
Searches leading to this post:winfail2ban, winfail2ban database
You must log in to post a comment.