IPBan does not create firewall rules after failed login being detected #183
-
Hello, I used my laptap to remote to my PC with failed login for over 10 times, without being blocked. In addition, I wrote my laptop's IP in a ban.txt file and put it into the location path of IPBan. Though the txt file disappeared soon, the ip wasn't banned. I used the method you mentioned in other discussion to change the "Info" to "Debug" in nlog.config file. And while running IPBan.exe, it showed the IPBan could detect the failed login and my laptop's IPaddress through event viewer. But no addtional firewall rule was established, except the default two rules IPBan_EmergingThreats_0 and IPBan_EmergingThreats_1000. I've turned off the NLA and set local policy "Network Security -> LAN Manager authentication level" to "NTLMv2 response only/refuse LM and NTLM" I've tried all I could do, but failed to work out. Please help me! |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 3 replies
-
Would need to see some of your log file. I did a few tests rdp into my server and it worked with 1.7.1 version so we just have to figure out what's going on with your box. If you can provide log file, Windows version, it will help. |
Beta Was this translation helpful? Give feedback.
-
Hi Jeff, My desktop's ip is 10.12.xx.xx. Yesterday, I added the 10.xx.xx.xx type of ip address(such as 10.22.22.22) in the ban.txt, then the firewall cannot ban it. Today, I changed it to 5.5.5.5, what you wrote in your reply email, then the IPBan successed on banning it. However, what I really want to know is how to ban the local net IP. My university has its own local network and is blocked from outside. We should use VPN to access the outside internet. Recently, my student's PC was attacked by a hacker. The hacker first got the control right of one PC(call it A1) in my university, then he hacked other PCs on the same local network of A1 using RDP. I cannot turn off the RDP function of my lab's PC. Because, I need to connect my lab's PC by RDP when I am in the office. I wonder if IPBan can provide this function. |
Beta Was this translation helpful? Give feedback.
-
Solution is to set |
Beta Was this translation helpful? Give feedback.
-
There is a property in the config to enable banning internal ip
On Sat, Mar 26, 2022 at 9:17 PM skyflyfish ***@***.***> wrote:
Hi Jeff,
I think I figured out my problem. I shouldn't ban the ip address in the
local net.
My desktop's ip is 10.12.xx.xx. Yesterday, I added the 10.xx.xx.xx type of
ip address(such as 10.22.22.22) in the ban.txt, then the firewall cannot
ban it. Today, I changed it to 5.5.5.5, what you wrote in your reply email,
then the IPBan successed on banning it.
However, what I really want to know is how to ban the local net IP. My
university has its own local network and is blocked from outside. We should
use VPN to access the outside internet. Recently, my student's PC was
attacked by a hacker. The hacker first got the control right of one PC(call
it A1) in my university, then he hacked other PCs on the same local network
of A1 using RDP.
I cannot turn off the RDP function of my lab's PC. Because, I need to
connect my lab's PC by RDP when I am in the office.
I wonder if IPBan can provide this function.
—
Reply to this email directly, view it on GitHub
<#183 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJWQGB7V4XQVUKJKHCXYLDVB7HOJANCNFSM5RURGQGQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
--
-- Jeff
|
Beta Was this translation helpful? Give feedback.
Solution is to set
ProcessInternalIPAddresses
to true.