Cyberarms Intrusion Detection and Defense Alternatives

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time...

IPBan is a FREE and open source application that allows auto banning ip addresses from failed login attempts. Many sources are watched such as SSH, SMTP, SQL-Server, MySQL, RDP and dropped packets.

The idea of denying access to SSH servers is nothing new and I was inspired by many other scripts that I discovered. However, none of them did things the way I envisioned them to. Also, they were all shell scripts which do not offer the elegance of Python.

RdpGuard allows you to protect your Remote Desktop (RDP) from brute-force attacks by blocking attacker's IP address. Fail2Ban for Windows.

Monitor logs from several sources and execute actions based on some rules. Can be used to protect against brute-force attacks.

IPQ BDB filtering is done by a user space netfilter daemon that issues verdicts after looking up the IP address in a Berkeley DB. The fuzzy blocking model, freely inspired by STOCKADE, is designed to block non-distributed dictionary attacks and mitigate spam.

Protected against RDP-Brute forcers. It installs a service which scans the event log for anomalies every 30 seconds (by default).

Your Microsoft Windows servers are probably under constant attack and you may not even know it! Chances are if your hosting remote desktop, or other services such as Microsoft exchange, FTP, HTTP, HTTP’s or SQL. Your server is likely getting bombarded with failed login attempts.

Protects DMZ and public systems by analyzing logs to defend against brute force, DDoS, and spoofing on networked services like RDP, IIS, and SMTP using dynamic rules and global blacklists, without replacing your firewall, supporting customization and integration.

Syspeace automatically blocks brute force attacks primarily for Windows Servers with good information in the admin mils telling you DNS names, country of origin and username used for the attack.

DDoS Protection tool. Anti DDoS Guardian stops DDoS attacks for Windows servers, it prevents Remote Desktop Connection brute force attacks, Slow HTTP Get&Post attacks, SYN flood, TCP flood, UDP flood, ICMP flood, bandwidth attacks, etc.

mobileFX Spartan RDP Guard is an intrusion detection system (IDS) and host-based intrusion prevention system (HIPS) implemented as a Windows 64-bit or 32-bit Service with location-based attack reporting and instant notifications.