Getting Dictionary Attacked?
What is IPMuncher?
IPMuncher is an application that works in conjunction with the Windows Firewall. IPMuncher can monitor Windows event logs, log files, or the filesystem for attacking IPs. When an attacking IP is found, IPMuncher creates a Windows Firewall rule to block that IP. The block can be permanent or temporary. If it is temporary, IPMuncher can remove the firewall rule after a specified time period has passed. This differs from the firewall on its own, where you simply open or close networking resources.
The IPMuncher application is a GUI application for managing the underlying IPMuncher Windows service. Inside the application, you set up various rules to monitor for attacking IPs. The IPMuncher Windows service executes and monitors these rules. It then creates the Windows Firewall entries to block the attacking IPs.
The Windows service is actually part of IPMuncher.exe. The GUI portion of the exe simply manages the various settings and rules implemented by the Windows service. From the Server Manager screen, you can install (register) or uninstall (unregister) the IPMuncher application as a Windows service.
IPMuncher Rule Types
IPMuncher allows you to create 3 different types of rules for monitoring various areas of your server and integrating with existing apps. These rules are:
Windows log rules,
LogFile rules, and
Filesystem rules.
They are explained in detail below.
Windows log rules are created to monitor the Windows event logs for IP attacks. Common attacks include dictionary attacks against RDP ports and SQL Server. When these attacks are logged, IPMuncher will create a firewall rule to immediately block the offending IP.
Logfile rules allow you to monitor text-based log files from 3rd party applications. IPMuncher will monitor these log files in real time, line by line, for offending IP addresses. Search rules are set up by creating regular expressions to find the IP addresses.
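The sketch below illustrates the general logfile-rule idea (regular expression in, temporary firewall block out). It is an added example, not IPMuncher's own code or rule syntax. The log format, threshold, allowlist range, block duration and rule names are all assumptions, and the netsh commands are only built as strings, never executed.

```python
import ipaddress
import re
from collections import Counter
from datetime import timedelta

# Constructed sample lines in a made-up third-party log format.
SAMPLE_LOG = """\
2024-05-01 10:00:01 LOGIN FAILED user=admin src=203.0.113.7
2024-05-01 10:00:02 LOGIN FAILED user=root src=203.0.113.7
2024-05-01 10:00:03 LOGIN OK user=alice src=198.51.100.20
2024-05-01 10:00:04 LOGIN FAILED user=test src=203.0.113.7
2024-05-01 10:00:05 LOGIN FAILED user=bob src=192.0.2.15
2024-05-01 10:00:06 LOGIN FAILED user=x src=999.1.1.1
2024-05-01 10:00:07 LOGIN FAILED user=sa src=10.0.0.5
2024-05-01 10:00:08 LOGIN FAILED user=sa src=10.0.0.5
2024-05-01 10:00:09 LOGIN FAILED user=sa src=10.0.0.5
"""

# Search rule: match only failure lines and capture the source address.
RULE = re.compile(r"LOGIN FAILED .*\bsrc=(\S+)")
ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]  # hypothetical admin range, never blocked
THRESHOLD = 3                                      # failures before an IP is blocked
BLOCK_FOR = timedelta(hours=1)                     # length of the temporary block

def find_offenders(lines):
    """Return validated IPs that reached THRESHOLD failures, skipping the allowlist."""
    hits = Counter()
    for line in lines:
        m = RULE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # log text is untrusted: reject non-IPs
        except ValueError:
            continue
        if any(ip in net for net in ALLOWLIST):
            continue
        hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= THRESHOLD)

def block_plan(offenders, now):
    """Build (add_command, delete_command, expiry) per IP; nothing is executed."""
    plan = []
    for ip in offenders:
        name = f"demo-block-{ip}"  # hypothetical rule name
        add = f'netsh advfirewall firewall add rule name="{name}" dir=in action=block remoteip={ip}'
        delete = f'netsh advfirewall firewall delete rule name="{name}"'
        plan.append((add, delete, now + BLOCK_FOR))
    return plan
```

Validating the captured text as an IP address before it reaches a firewall command, and keeping an allowlist for your own management addresses, are the two checks worth having in any rule of this kind.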
Filesystem rules are slightly different from logfile rules. Filesystem rules allow you to monitor directories for simple one-line text files that contain IP addresses. This functionality is useful for scripting or web applications where you want to output offending IPs in real time by simply writing them to a file. IPMuncher will monitor directories for these files, and block the offending IPs, based