Auto blocking attacking IP address?!
Dear all,
Sorry if this already been answered. I spent an hour on the forum to search, but didn't find something useful.
The question, I believe many already asked, is: when you left your Windows Server 2008 on the Internet, serving IIS, FTP, Remote Desktop, etc., you'll see lots of attack (i.e. trying to login with Brute Force). Although I could get these IP address from
Security log, and then add it into Firewall block list, it's manual work.
How about something magic that detect this and auto block this IP on everything for, say 5 mins?
Best regards,
dong
June 21st, 2011 7:12am
Hi,
Stopping brute force attacks automatically isn't the job of a web server, or any server for that matter. Some smart IDS and expensive firewall have this feature I
think.
Free Windows Admin Tool Kit Click here and download it now
June 21st, 2011 10:56pm
That's something I didn't realize. So in fact Windows Firewall with Advanced Features should be discontinued and leave that function to some 3rd party companies.
Apparently protection from Internet attack is not in the interest for Windows Server 2008/R2?!
Tech-wise, how difficult this can be? If I can check Security Log and identify bad IPs and add to block list, why the system can't do this for me?
Someone from MS to confirm this?
Best,
dong
June 23rd, 2011 9:25am
Hi Dong,
Thank you for your post.
By providing host-based, two-way network traffic filtering for a computer, Windows Firewall with Advanced Security blocks unauthorized network traffic flowing into
or out of the local computer.
By using the Software Configuration Wizard (SCW), you can create firewall rules to allow this computer to send traffic to or receive traffic from programs, system
services, computers, or users. Firewall rules can be created to take one of three actions for all connections that match the rule's criteria: allow the connection, only allow a connection that is secured through the use of Internet Protocol security (IPsec),
or explicitly block the connection.
The firewall rules should be created manually, and it could not be created by Windows Firewall itself.
For more information about Windows Firewall:
http://technet.microsoft.com/en-us/network/bb545423.aspx
Best Regards,
James
Free Windows Admin Tool Kit Click here and download it now
June 23rd, 2011 9:39pm
I managed to write a powershell script for this, to ACTIVELY protect my ports. :)
Anyone interested to see it?
Best,
dong
October 7th, 2011 6:41am
it should be a useful script. can you share it? thanks
Free Windows Admin Tool Kit Click here and download it now
October 7th, 2011 11:42am
Please do Xied! I have been looking for such a thing a long time..
October 24th, 2011 11:20am
Dear everyone,
I finally got time to finish a blog on this, please check the code there.
http://sqlblogcasts.com/blogs/dong/archive/2012/03/06/auto-blocking-attacking-ip-address.aspx
Best,
dong
Free Windows Admin Tool Kit Click here and download it now
March 6th, 2012 2:31pm