Brute-Force Attacks Defender
The Brute-Force Attacks Defender enables you to protect your public server from hackers, network scanners and brute-force robots that try to guess your Administrator login and password. Using common logins and password dictionaries, they will automatically try to log in to your server hundreds to thousands of times every minute. With this RDP Defender, you can monitor Windows failed login attempts and automatically blacklist the offending IP addresses after several failures.
On the upper left side, you can see the Defender status, where you can check whether the Defender Service, the Windows Logon Audit and the Windows Firewall are enabled. In our example, all the statuses are ticked.
– Whitelist IP addresses: You can of course configure it to match your needs, for example by adding your own workstation IP address in the IPs Whitelist, so this tool never blocks you. You can add as many IP addresses as you want in the whitelist. These addresses will never be blocked by the brute-force attacks defender.
– Since RDS-Knight version 3.4, you can filter the blocked IP addresses by entering the desired IP address, the date or the country (supported country name in English) under the Blocked IPs list, in the bottom right corner of the Defender window.
– You can also set the maximum failed logon attempts from a single IP address inside the IP Detection block on the left side (by default, it is 10), as well as the time of reset for failed logon attempts counters (by default it is 2 hours).
Since version 3.3, you can ignore local and private IP addresses by checking the "Ignore Local and Private IP Addresses" box below.
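The settings above (maximum failed attempts, counter reset time, whitelist, ignoring local and private addresses) can be modelled as follows. This is an added sketch, not RDS-Knight's own code: the counter semantics, the meaning of "local and private" (loopback, RFC 1918, link-local) and all function names are assumptions, and the events are constructed.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

MAX_FAILURES = 10                 # page default: maximum failed logon attempts
RESET_AFTER = timedelta(hours=2)  # page default: reset time for the counters
# Assumed meaning of "local and private": loopback, RFC 1918, link-local (IPv4).
LOCAL_NETS = [ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
                                      "192.168.0.0/16", "169.254.0.0/16")]


def evaluate(events, whitelist=(), ignore_private=True,
             max_failures=MAX_FAILURES, reset_after=RESET_AFTER):
    """Return {ip: block_time} for an iterable of (timestamp, source_ip) failures.

    Assumed semantics, not taken from the product: the per-IP counter starts at
    the first failure, restarts once reset_after has passed since that failure,
    and the address is blocked when the counter reaches max_failures.
    """
    allowed = {ip_address(a) for a in whitelist}
    counters, blocked = {}, {}
    for ts, raw in sorted(events):
        ip = ip_address(raw)
        if ip in allowed or raw in blocked:
            continue
        if ignore_private and any(ip in net for net in LOCAL_NETS):
            continue
        start, count = counters.get(ip, (ts, 0))
        if ts - start >= reset_after:   # window expired: start counting again
            start, count = ts, 0
        counters[ip] = (start, count + 1)
        if count + 1 >= max_failures:
            blocked[raw] = ts
    return blocked


def sample_events():
    """Constructed failed-logon events (documentation-range addresses)."""
    t0 = datetime(2024, 1, 1)
    minute = timedelta(minutes=1)
    events = [(t0 + i * minute, "203.0.113.5") for i in range(10)]    # burst of 10
    events += [(t0 + i * minute, "198.51.100.7") for i in range(9)]   # 9 failures...
    events += [(t0 + timedelta(hours=3), "198.51.100.7")]             # ...1 more after reset
    events += [(t0 + i * minute, "192.168.1.20") for i in range(15)]  # private source
    events += [(t0 + i * minute, "203.0.113.9") for i in range(12)]   # whitelisted below
    return events


if __name__ == "__main__":
    for ip, when in evaluate(sample_events(), whitelist=["203.0.113.9"]).items():
        print(f"block {ip} at {when:%Y-%m-%d %H:%M}")
```

With the defaults, only the address that fails 10 times inside one reset window is blocked; the slow source that spreads its attempts across the reset never reaches the threshold, which is the trade-off to weigh when tuning the two values.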
Note: If you notice that the Brute-Force Attacks Defender used to block 10 IP addresses per day and now blocks only one or two, or even none at all, this is normal. Before RDS-Knight is installed, a server with a publicly available RDP port is known to all the robots, and many of them try common passwords and passwords taken from dictionaries. Once RDS-Knight is installed, these robots are progressively blocked, so that eventually:
- Most of the active robots are already blocked and are no longer interested in the server, even the new ones.
- Also, the server no longer appears on the list of publicly known servers.