Block those nefarious RDP access attempts
This project was built to defend against third parties attempting to log on to (and presumably compromise) a Windows Remote Desktop system that is exposed to the Internet.
In principle it is a Windows Service that monitors the Windows Security Event Log for failed logon attempts and blocks those that show an unexpected pattern: by default, particular usernames (*ADMIN* is a favourite) or an IP address that has initiated a failed logon multiple times within a time period. Once a pattern is detected, it blocks all traffic from that IP address for a set period of time.
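The two default rules described above, sketched as an added example; this is not the ApsDefence code. The class and method names, the thresholds and the sample events are all assumptions made for illustration, and the sketch only decides which IP to block and for how long, it does not touch the firewall.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added illustration, not ApsDefence code. All thresholds and names are assumptions.
class FailedLogonDetector
{
    const int MaxFailures = 3;                                  // assumed threshold
    static readonly TimeSpan Window = TimeSpan.FromMinutes(5);  // assumed time period
    static readonly TimeSpan BlockFor = TimeSpan.FromHours(1);  // assumed block duration
    static readonly string[] BadNameParts = { "ADMIN" };        // the *ADMIN* pattern from the text
    readonly Dictionary<string, Queue<DateTime>> failures = new Dictionary<string, Queue<DateTime>>();
    readonly Dictionary<string, DateTime> blockedUntil = new Dictionary<string, DateTime>();

    public bool IsBlocked(string ip, DateTime now) =>
        blockedUntil.TryGetValue(ip, out var until) && now < until;

    // Feed one failed logon; returns the reason for a new block, or null for no action.
    public string Observe(DateTime time, string user, string ip)
    {
        if (IsBlocked(ip, time)) return null;
        string reason = null;
        if (BadNameParts.Any(p => user.IndexOf(p, StringComparison.OrdinalIgnoreCase) >= 0))
            reason = "username pattern";
        else
        {
            if (!failures.TryGetValue(ip, out var q)) failures[ip] = q = new Queue<DateTime>();
            q.Enqueue(time);
            while (q.Peek() < time - Window) q.Dequeue();  // forget failures older than the window
            if (q.Count >= MaxFailures) reason = "repeated failures";
        }
        if (reason != null) { blockedUntil[ip] = time + BlockFor; failures.Remove(ip); }
        return reason;
    }

    static void Main()
    {
        var t = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        var d = new FailedLogonDetector();
        var sample = new[] {  // constructed events using documentation IP ranges
            (t, "administrator", "203.0.113.7"),
            (t.AddMinutes(1), "jsmith", "198.51.100.9"),
            (t.AddMinutes(2), "jsmith", "198.51.100.9"),
            (t.AddMinutes(3), "jsmith", "198.51.100.9"),
            (t.AddMinutes(30), "jsmith", "192.0.2.4"),
        };
        foreach (var (time, user, ip) in sample)
            Console.WriteLine($"{time:HH:mm} {ip} {user}: " + (d.Observe(time, user, ip) ?? "no action"));
    }
}
```

A single mistyped password from a legitimate user (the last sample event) triggers nothing, which is why the count-based rule uses a window rather than blocking on the first failure.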
The project is written in C# and was originally built with Visual Studio 2019. It targets Microsoft .NET Framework v4.7.2.
Solution contents
- ApsDefence - Class library with the defence code
- ApsDefenceHarness - Console application for debugging of the ApsDefence library (Note - debugging must be done with Visual Studio running as ADMIN)
- ApsDefenceService - Windows Service to run the ApsDefence library
To get a local copy up and running, follow these steps.
Required: Microsoft .NET Framework v4.7.2 (download from the Microsoft site)
- Download the latest release from this project
- Extract the files to a folder of your choosing... C:\ApsDefenceService perhaps
- Start a Command Prompt as Administrator - navigate to the installation folder and execute InstallService.bat
- Execute services.msc and validate the installation of the ApsDefenceService... then START the service.
Distributed under the MIT License. See LICENSE.txt for more information.
Project Link: https://github.com/aphalon/ApsDefence