Skip to content

aliforever/rdpwall

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
cmd/rdpwall
cmd/rdpwall
 
 
lib/rdpwall
lib/rdpwall
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
img.png
img.png
 
 

Repository files navigation

RdpWall

Is an small Fail2Ban like application that constantly checks for the Windows security Audit Failure [ID=4625] events and blocks IP addresses having failed to login more than 3 times.

Installation

  1. Install Go
  2. Clone the repository
  3. Run go build in cmd\rdpwall folder
  4. Run the executable with administrator privileges

Configuration

TODO

How it works?

  • Copies a version of Security.evtx to the executable folder every 5 seconds
  • Reads the copied Security.evtx file and parses it for the Audit Failure events
  • Checks if the IP has failed to login more than 3 times and if so, blocks it using the Windows Firewall

** All the commands are executed using the Windows command line

Tested on

  • Windows Server 2019

img.png

About

Fail2Ban alternative for Windows Server

Topics

security firewall bruteforce windows-server rdp fail2ban rdp-bruteforce

Resources

Readme

License

GPL-3.0 license
Activity

Stars

4 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 3

Windows (v0.0.4) Latest
Jun 17, 2023
+ 2 releases

Languages