Analysis of a large brute force attack campaign against Windows Remote Desktop

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • EvlWatcher

    A "fail2ban" style modular log file analyzer for Windows

  • ts_block

    Blocks IP addresses generating invalid Terminal Services logons

  • My old ts_block[0] project does something similar to yours, albeit for RDP only and with much less sophisticated customization.

    I opted to go with a WMI Event Sink rather than polling the Event Log. I've never done a benchmark to see which architecture would use less CPU, but I can say the WMI event sink causes nearly instantaneous reaction.

    As an aside: I'd love to hear if somebody tries ts_block on Windows Server 2022. It works fine on 2012 R2 thru 2019 but I've never tried it on 2022.

    [0] https://github.com/EvanAnderson/ts_block

  • ts_block

    Blocks IP addresses generating invalid Terminal Services logons (by greatquux)

  • nlahoney

    NLA Honeypot Associated Research

  • A few links which provide some good insight for your idea.

    https://research.nccgroup.com/2021/10/21/cracking-rdp-nla-su...

    https://github.com/nccgroup/nlahoney

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
