I am in need of a Windows application that will do the following:
- Run as a system Service
- Scan the event viewer based on some triggers or something – I’m not really sure about this so I’m waiting for your suggestions.
- Scan the Windows Event Viewer for any failed login attempts, which are events 529, 680, etc. Event 529 is a failed login attempt for MSFTP. The problem is that if you try to log in to a server via MSFTP and the login fails, the IP address the request came from doesn’t get stored in the Event Viewer. You will have to scan the IIS logs to get the IP address from which that event was generated.
- After the IP is gathered I need it stored in an IPSec rule. The IPSec rule will deny all kinds of TCP/UDP traffic from the specific IP address.
- I also want the application to scan the Event Viewer for failed Remote Desktop Connection attempts and add that IP address to another IPSec rule that will deny all traffic as well. For this the process is easy because the requester IP address gets stored in the Event Viewer and you only need to scan the Event Viewer to get the IP address.
I need the app to send me an e-mail every time it blocks an IP. The e-mail will be something like this: “A new failed RDP or MSFTP was being detected on the server and was blocked for any further login attempt. The IP address is:….”
Configuration part of the application:
- The app will use a database to store all settings. It can be an ini, mdb, xls,… I don’t really care how you store the settings as long as it is working properly. What I basically need to be configurable is this:
  - The e-mail address the e-mail will be sent to.
  - The name of the IPSec rule where the IP will be stored for MSFTP and for RDP attempts.
  - The number of failed attempts that are allowed until the IP is added to the block list.
  - One or more IP addresses that will never be blocked, no matter how many failed login attempts I try from that specific IP address.
  - A list of the IP addresses that are currently in the RDP block list and in the MSFTP block list. Here I need to be able to add/edit/delete any of the IPs. This will affect the IPSec rule list, of course.
This is pretty much everything I can think of right now. Please make sure that you can deliver a 100% working application. There are a lot of scripts and free apps like this out there which I tried, and none of them satisfied my needs. They all work sometimes, and sometimes they don’t block the IP. I need this one to succeed every time.
Happy bidding everyone
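
Added example, not part of the original posting: a sketch of the MSFTP side of the blocking decision, taking failed logins from an IIS FTP log and applying the configurable threshold and never-block list. The function names are hypothetical and the log lines are constructed. It assumes a W3C-format log with a `#Fields:` header, that a 530 reply to `PASS` marks a failed login, and that an IP is blocked once its failure count reaches the configured number.

```python
from collections import Counter
from ipaddress import ip_address

# Constructed sample in the W3C layout used by IIS FTP logs (documentation IPs).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: time c-ip cs-method cs-uri-stem sc-status
10:01:02 203.0.113.7 [1]USER administrator 331
10:01:03 203.0.113.7 [1]PASS - 530
10:01:05 203.0.113.7 [2]USER admin 331
10:01:06 203.0.113.7 [2]PASS - 530
10:01:09 203.0.113.7 [3]USER test 331
10:01:10 203.0.113.7 [3]PASS - 530
10:02:00 198.51.100.20 [4]USER backup 331
10:02:01 198.51.100.20 [4]PASS - 530
10:03:00 192.0.2.10 [5]USER me 331
10:03:01 192.0.2.10 [5]PASS - 530
10:03:02 192.0.2.10 [6]PASS - 530
10:03:03 192.0.2.10 [7]PASS - 530
10:04:00 198.51.100.20 [8]USER backup 331
10:04:01 198.51.100.20 [8]PASS - 230
"""

def failed_logins(log_text):
    """Yield the client IP of every failed FTP PASS (reply code 530)."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is taken from the header
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated line: never guess an IP
        row = dict(zip(fields, parts))
        method = row.get("cs-method", "").split("]")[-1].upper()
        if method == "PASS" and row.get("sc-status") == "530":
            try:
                ip = str(ip_address(row["c-ip"]))
            except (KeyError, ValueError):
                continue
            yield ip

def ips_to_block(log_text, max_failures, never_block=(), already_blocked=()):
    """Return IPs at or over the threshold, minus allowlisted and known ones."""
    counts = Counter(failed_logins(log_text))
    skip = set(never_block) | set(already_blocked)
    return sorted(ip for ip, n in counts.items() if n >= max_failures and ip not in skip)
```

Checking the never-block list before anything is written to the IPSec rule is what keeps an administrator's own address from being locked out by a few mistyped passwords.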