Fail2ban for Windows - Mitigating Brute-force Attacks in Windows Environments

Dr. Fehér Gábor
Department of Telecommunications and Media Informatics

Day by day, more and more computers are connected to the internet. It is easy to forget that being connected also means that you are available from the world outside. Whether your machine is a server, a desktop computer or a laptop, whenever it is turned on, it is running services (i.e. applications that run in the background and handle requests), some of which might be accessible from the internet. While most of the time this is by design, sometimes it is a result of a misconfigured firewall, or a lack thereof.

Having any services exposed to the internet means that miscreants will eventually find these (either by IP range scanning or by more directed attacks), and will try to break in, most often by trying popular username and password combinations. This is called brute-forcing.

For Linux distributions there is a utility written in Python, named Fail2Ban, that continuously scans the log files of a variety of services, looking for signs of brute-force attacks. In practice this means watching for too many failed login attempts from the same source within a given period of time.
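As an added illustration of the detection rule just described (example code written for this page, not code from the thesis or from Fail2Ban itself): a sliding-window check in the spirit of Fail2Ban's `maxretry` and `findtime` settings, run over constructed failed-logon log lines in a simplified, made-up layout.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from any real system) in a simple
# "timestamp EVENT source_ip user" layout standing in for failed logons.
SAMPLE_LOG = """\
2024-03-01T10:00:00 LOGON_FAILED 203.0.113.7 administrator
2024-03-01T10:00:04 LOGON_FAILED 203.0.113.7 admin
2024-03-01T10:00:09 LOGON_FAILED 203.0.113.7 root
2024-03-01T10:00:12 LOGON_FAILED 198.51.100.5 alice
2024-03-01T10:00:15 LOGON_FAILED 203.0.113.7 guest
2024-03-01T10:00:20 LOGON_FAILED 203.0.113.7 test
2024-03-01T10:20:00 LOGON_FAILED 198.51.100.5 alice
2024-03-01T10:30:00 LOGON_FAILED 198.51.100.5 alice
2024-03-01T10:40:00 LOGON_FAILED 198.51.100.5 alice
2024-03-01T10:50:00 LOGON_FAILED 198.51.100.5 alice
"""

LINE_RE = re.compile(r"^(\S+) LOGON_FAILED (\d+\.\d+\.\d+\.\d+) (\S+)$")

def parse_failures(text):
    """Yield (timestamp, source_ip) for every failed-logon line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2)

def find_bans(text, maxretry=5, findtime=600):
    """Fail2Ban-style rule: ban a source once it produces `maxretry`
    failures within any window of `findtime` seconds.
    Returns {source_ip: timestamp at which the ban was triggered}."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # per-IP failure timestamps still in the window
    bans = {}
    for ts, ip in parse_failures(text):
        if ip in bans:
            continue              # already banned; later noise is irrelevant
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures that slid out of the window
        if len(q) >= maxretry:
            bans[ip] = ts
    return bans
```

With the defaults, only 203.0.113.7 is banned; 198.51.100.5 spaces its attempts ten minutes apart and never accumulates enough failures inside one window, which is why `findtime` and `maxretry` must be tuned to the service being protected.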

For Windows systems a few similar tools exist; however, these have either been abandoned, lack features, are poorly documented, or have other properties that make their use unfavourable in certain environments.

Within this thesis, I plan, design, implement, and test an open-source solution similar to the original Fail2Ban. The resulting application should be modular and easy to adapt to new services and ever-changing needs.
