ts_block | ipban
---|---
4 | 16
175 | 1,509
- | 1.7%
0.0 | 8.9
over 2 years ago | 4 days ago
Visual Basic | C#
Artistic License 2.0 | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ts_block
- Learning Lessons From The Cyber-Attack: British Library cyber incident review [pdf]
> Is there something inherently insecure about remote desktops, or is MS software here known to be particularly insecure...
Exposing RDP to the Internet directly has been frowned-upon because of the attack surface being presented, there's no two factor "story" out-of-the-box, and you're opened up to brute force attempts on cruddy user passwords.
Older versions of the Microsoft Remote Desktop Protocol had a much larger attack surface than current versions. The current versions with Network Level Authentication (starting in Windows Vista/Server 2008) present a smaller attack surface. Older versions used "homegrown" Microsoft crypto, whereas current versions use TLS.
Disclosure: I made a FLOSS fail2ban-like tool for RDP many years ago[0]. I had a situation where I was forced to expose RDP to the Internet and I didn't like having it open w/o some protection against brute force attacks. This tool happens to still work in Server 2022 and will slow the velocity of brute force attacks. I still highly recommend not exposing RDP directly to the Internet anyway.
(The ts_block tool is missing some fairly essential functionality that I never got around to implementing. It works fine and is really easy to install but some things are sub-optimal.)
[0] https://github.com/EvanAnderson/ts_block
- Fail2Ban – Daemon to ban hosts that cause multiple authentication errors
- Analysis of a large brute force attack campaign against Windows Remote Desktop
My old ts_block[0] project does something similar to yours, albeit for RDP only and with much less sophisticated customization.
I opted to go with a WMI Event Sink rather than polling the Event Log. I've never done a benchmark to see which architecture would use less CPU, but I can say the WMI event sink causes nearly instantaneous reaction.
As an aside: I'd love to hear if somebody tries ts_block on Windows Server 2022. It works fine on 2012 R2 thru 2019 but I've never tried it on 2022.
[0] https://github.com/EvanAnderson/ts_block
- WinGet is terrible. I want AppGet back
The perspectives in the comments on this article re: WiX XML source and Windows Installer being difficult are interesting to me. Like I said elsewhere, I overcame that learning curve so long ago that I can't put myself in a position where it seems daunting now.
To be fair, though, an MSI to install 10 files in "C:\Program Files\AppName", register a couple .NET assemblies, create a couple of shortcuts, and throw a few values into the registry would amount to <100 lines of XML.
Here's a years-old WiX 2.0 syntax source file to install 4 files in "C:\Program Files\appname" and run an EXE embedded in the MSI to install a service: https://github.com/EvanAnderson/ts_block/blob/master/MSI/ts_...
I've only seen "thousands of lines" of WiX source when dealing with programs that install a ton of files, or put scads of entries in the registry.
Most of the MSIs with WiX are based on a simple skeleton generated from a template, and using "includes" generated by the "candle" tool.
Understanding the Windows Installer and the WiX source feels analogous to what I see in "modern" web development-- a bunch of tools that developers use, seemingly without understanding what they do, to create a massive pile of edifice into which original code is finally placed.
ipban
- Well I'm ready to throw in the towel - public IP to 3389
- Fail2Ban – Daemon to ban hosts that cause multiple authentication errors
I'm using a non-standard RDP port and still getting 10,000+ brute-forcing requests per day.
Found this alternative:
https://github.com/DigitalRuby/IPBan
- what do you use for ssh brute force protection: fail2ban or sshguard ? or something else ? for ubuntu and fedora
Disable password login and IPBan. https://github.com/DigitalRuby/IPBan
- RDWeb IIS Logging
Free is less than cheap though, so I set up ipban and created the following recipe: https://github.com/DigitalRuby/IPBan/blob/master/Recipes/Windows/LogFile/RDWeb.xml
- I got a company that's getting hit with failed login attempts on their VM/RDS
- Question on IPBan free edition - regarding a notification when an IP is banned
I recently installed IPBan, and it quickly banned the 2 IPs for 1 day. Lovely program! The problem is I don't really understand a good way to set an alert so that I know that bans or other actions have happened. I am required to look at the ipban log file to see what has been happening. I do not really have any idea what to do with the following. What program or service should I use to be notified by ipban? Here is the wording from https://github.com/DigitalRuby/IPBan/wiki/Configuration
- Can i use Windows Server 2019 Evaluation version for personal use?
I have found this, which can automatically block failed login attempts https://github.com/digitalruby/ipban
- Automatically ban at signs of bruteforce/botnet attacks w/ known attackers lists
- Is there a fail2ban alternative for Windows?
- RRAS VPN Automated IP Blocking
What are some alternatives?
Versions - 📦 A Scoop bucket for alternative versions of apps.
EvlWatcher - a "fail2ban" style modular log file analyzer for windows
Shovel-Ash258 - Personal Shovel bucket with a wide variety of applications of all kinds.
wail2ban - fail2ban, for windows.
oneget - PackageManagement (aka OneGet) is a package manager for Windows
warp-plus-cloudflare - Script for getting unlimited GB on Warp+ ( https://1.1.1.1/ )
ts_block - Blocks IP addresses generating invalid Terminal Services logons
SuperGrate - 💾 Get moving with Super Grate; a free & open source Windows Profile Migration & Backup Utility. Super Grate is a GUI (Graphical User Interface) that assists Microsoft's USMT (User State Migration Utility) in performing remote migrations over a network connection.
wix3 - WiX Toolset v3.x
hass-workstation-service - Provide useful sensors and services from your workstation to Home Assistant.
Chocolatey - Chocolatey - the package manager for Windows
remoteapptool - Create and manage RemoteApps hosted on Windows 7, 8, 10, 11, XP and Server. Generate RDP and MSI files for clients.