This repository has been archived by the owner on Oct 2, 2022. It is now read-only.
forked from DigitalRuby/IPBan
-
Notifications
You must be signed in to change notification settings - Fork 0
IPBan Monitors failed security audit in Windows Event Viewer and bans ip addresses using netsh
License
codref/Windows-IP-Ban-Service
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
******************************************************************************* ***** Requires .NET 4.0 and Windows Vista or Windows Server 2008 or newer ***** ******************************************************************************* Extract files to a place on your computer. Right click on all the extracted files and select properties. Make sure to select "unblock" if the option is available. To run as a Windows service (example: sc create IPBAN type= own start= auto binPath= d:\system\ipban\ipban.exe DisplayName= IPBAN). The service writes a log file to the same directory as the service, so run as SYSTEM to ensure permissions. Make sure to look at the config file for configuration options To debug as a console app and troubleshoot, run "IPBAN.EXE debug" Make sure you are logging failed login attempts via local security policy Make sure to read this stackoverflow thread about ip addresses not getting logged: http://stackoverflow.com/questions/1734635/event-logging-ipaddress-does-not-always-resolve In summary, change these local security options: - Network security: LAN Manager authentication level -- Send NTLMv2 response only. Refuse LM & NTLM - Network security: Restrict NTLM: Audit Incoming NTLM Traffic -- Enable auditing for all accounts - Network security: Restrict NTLM: Incoming NTLM traffic -- Deny all accounts - Do not allow for passwords to be saved -- Enabled - Prompt for credentials on the client computer -- Enabled If you want to run in Visual Studio, make sure to run Visual Studio as administrator For reference, here is a regex that matches any 32 bit ip address: (?<ipaddress>^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$) Please visit http://www.digitalruby.com/securing-your-windows-dedicated-server/ for more information about this and other products that we are making. Enjoy! -Jeff Johnson, CTO Digital Ruby, LLC
About
IPBan Monitors failed security audit in Windows Event Viewer and bans ip addresses using netsh
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
Languages
- C# 100.0%