Why do you need it? > Many Windows Server machines are under **constant attack**. Network scanners and RDP brute-force tools work 24/7. Eventually they may find a **password to access your server!** Moreover, RDP brute-force attacks may **abuse server resources** (CPU and bandwidth. > Take a look at your server's Security EventLog. How many failed login attempts do you see? The log may note thousands of failed login attempts from a single IP address. This means that **someone is trying to find a password to access your server**. > This is how an RDP brute-force attack appears in the Security EventLog. > How can you protect your server from brute-force password-guessing attacks on RDP? **The answer is RdpGuard http://rdpguard.com/download/rdpguard-3-1-7.exe
Dowload RdpGuard RDP Brut

RdpGuard alternatives

  • SSHGuard

  • SSHGuard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. SSHGuard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication. ยป

    tags: bruteforce firewall freebsd intrusion-detection ssh
  • Fail2ban

  • Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).

    tags: firewall security-utilities internet-filter iptables ip-blocking
  • Denyhosts

  • The idea of denying access to SSH servers is nothing new and I was inspired by many other scripts that I discovered. However, none of them did things the way I envisioned them to. Also, they were all shell scripts which do not offer the elegance of Python.

    tags: daemon bruteforce web-log-analyzer ssh-bruteforce
  • Syspeace

  • An autoblocker for brute force attacks primarily for Windows Servers with good information in the admin mils telling you DNS names, country of origin and username used for the attack.

    tags: network-monitoring security-auditing bruteforce fail2ban autoblock

  • IPQ BDB filtering is done by a user space netfilter daemon that issues verdicts after looking up the IP address in a Berkeley DB. The fuzzy blocking model, freely inspired by STOCKADE, is designed to block non-distributed dictionary attacks and mitigate spam.

    tags: firewall gnu iptables
  • e.guardo Smart Defender

  • e.guardo protects your RDP, MSSQL, FTP, SMTP, EXCHANGE, OWA, LYNC, MICROSOFT DYNAMICS CRM, SHAREPOINT and many more services from Brute Force and Dictionary Attacks

    tags: online-service heuristic-detection hacker-protection ddos-protection brute-force-protection
  • Anti DDoS Guardian

  • DDoS Protection tool. Anti DDoS Guardian stops DDoS attacks for Windows servers, it prevents Remote Desktop Connection brute force attacks, Slow HTTP Get&Post attacks, SYN flood, TCP flood, UDP flood, ICMP flood, bandwidth attacks, etc.

    tags: anti-ddos-firewall anti-ddos-windows dos-protection rdp-brute-force rdp-protection
  • LF Intrusion Detection

  • Lit Fuse Intrusion Detection (LID) protects your Windows system from brute force attacks and other intrusion attempts by placing a brick wall between your server and would-be hackers. Lightweight and lightning-fast, our software keeps an eye on your network traffic 24/7, watching for suspicious activity.

    tags: security-and-privacy rdp-client autoblock fail2ban rdp-server
  • SpyLog

  • lua-spylog - Execute actions based on log records

    tags: autoblock brute-force-protection bruteforce protection rdp-protection
  • IPBan

  • A FREE and open source application that allows banning ip addresses from failed terminal services or SQL server logins out of the box. Other types of banning are easily added via an application configuration file.

    tags: remote-desktop-access terminal-services
  • EvlWatcher

  • Protected against RDP-Brute forcers. It installs a service which scans the event log for anomalies every 30 seconds (by default).When the service finds out that someone is taunting your server with RDP-login attempts, it adds the remote IP to a generic rule in the windows firewall which locks out the attacker. After 2 hours (default), the ban will be lifted, i.e. the IP will be removed from the rule.

    tags: protection rdp-protection remote-desktop-access