IPBan Monitors failed security audit in Windows Event Viewer and bans ip addresses using netsh. Wide range of customization and unlimited ip address ban count. Download binaries here: -->
Latest commit 0688d7a Sep 4, 2016 @jjxtra committed on GitHub Merge pull request #20 from computeronix/patch-1
Patch 1


***** Requires .NET 4.0 and Windows Vista or Windows Server 2008 or newer *****

Extract files to a place on your computer. Right click on all the extracted files and select properties. Make sure to select "unblock" if the option is available.

To run as a Windows service (example: sc create IPBAN type= own start= auto binPath= d:\system\ipban\ipban.exe DisplayName= IPBAN). The service writes a log file to the same directory as the service, so run as SYSTEM to ensure permissions.

Make sure to look at the config file for configuration options

To debug as a console app and troubleshoot, run "IPBAN.EXE debug"

Make sure you are logging failed login attempts via local security policy

Make sure to read this stackoverflow thread about ip addresses not getting logged: http://stackoverflow.com/questions/1734635/event-logging-ipaddress-does-not-always-resolve
In summary, change these local security options:
- Network security: LAN Manager authentication level -- Send NTLMv2 response only. Refuse LM & NTLM
- Network security: Restrict NTLM: Audit Incoming NTLM Traffic -- Enable auditing for all accounts
- Network security: Restrict NTLM: Incoming NTLM traffic -- Deny all accounts
- Do not allow for passwords to be saved -- Enabled
- Prompt for credentials on the client computer -- Enabled

If you want to run in Visual Studio, make sure to run Visual Studio as administrator

For reference, here is a regex that matches any 32 bit ip address:

Please visit http://www.digitalruby.com/securing-your-windows-dedicated-server/ for more information about this and other products that we are making.


-Jeff Johnson, CTO Digital Ruby, LLC