What is it?
IPMuncher is an application that works in conjunction with the Windows firewall. When attacking IPs are detected, IPMuncher issues a command to the Windows firewall to create a rule that blocks the remote IP. The IP can be blocked permanently or for a specified period of time.
What IPMuncher is NOT?
IPMuncher is not a full-blown intrusion detection system. It is not a firewall. It is a very small, lightweight, fast application that monitors event logs, log files, or the file system for attacking IPs. You create rules on how to block these remote IPs, and IPMuncher can automatically create firewall rules to block them.
What Operating Systems does IPMuncher Support?
IPMuncher can run on both 32-bit and 64-bit operating systems.
IPMuncher can run on Windows clients from Windows 7 onward, and on Windows servers from Windows 2008 onward.
Support for Windows 2003 is planned, but not yet released. If you need Windows 2003 support, contact us, and let us know.
What Software Requirements are there?
IPMuncher is built upon the .NET framework. It requires version 3.5 or greater. You should already have this installed on your system.
In case you don't, you can download it from here: http://www.microsoft.com/net
How is IPMuncher Licensed?
IPMuncher is licensed on a per-server basis. Purchasing options allow for a single server license, along with discounts for packs of server licenses.
An optional Enterprise Source Code license is also available.
How does IPMuncher determine attacking IPs?
IPMuncher can monitor Windows event logs, log files, or the filesystem for attacking IPs. When an attacking IP is found, IPMuncher creates a Windows firewall rule to block that IP. That block can be permanent or temporary. If it is temporary, IPMuncher can remove the firewall rule after a specified time period has passed. This is different from the firewall itself, where you manually open or close networking resources.
The IPMuncher application is a GUI application for managing the underlying IPMuncher Windows service. Inside the application, you set up various rules to monitor for attacking IPs. The IPMuncher Windows service executes and monitors these rules. It then creates the Windows firewall entries to block the attacking IPs.
The Windows service is actually part of IPMuncher.exe. The GUI portion of the exe simply manages the various settings and rules implemented by the Windows service. From the Server Manager screen, you can install (register) or uninstall (unregister) the IPMuncher application as a Windows service.
IPMuncher Rule Types
IPMuncher allows you to create 3 different types of rules for monitoring various areas of your server and integrating with existing apps. These rules are WindowsLog rules, LogFile rules, and Filesystem rules. They are explained in detail below.
Windows log rules are created to monitor the Windows event logs for IP attacks. Common attacks include dictionary attacks against RDP ports and SQL Server. When these attacks are logged, IPMuncher will create a firewall rule to immediately block the offending IP.
Logfile rules allow you to monitor text-based log files from 3rd party applications. IPMuncher will monitor these log files in real time, line by line, for offending IP addresses. Search rules are set up by creating regular expressions to find the IP addresses.
Filesystem rules are slightly different from logfile rules. Filesystem rules allow you to monitor directories for simple one-line text files that contain IP addresses. This functionality is useful for scripting or web applications where you want to output offending IPs in real time, by simply writing them to a file. IPMuncher will monitor directories for these files and block the offending IPs, based upon the rules you configure.
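An added example (not IPMuncher's own code) of a script-side helper that feeds a Filesystem rule: it accepts only a bare IP address, refuses addresses that must never be blocked, and publishes the one-line file with an atomic rename. The directory arguments, the `.txt` file name and the never-block list are assumptions; the page only specifies a one-line text file containing the IP.

```python
import ipaddress
import os
import uuid

# Assumption: ranges this server must never ask the firewall to block.
# The last entry is a constructed "admin workstation" range.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "198.51.100.0/28",
)]


def normalize_offender(raw):
    """Return the canonical IP string if it is safe to report, else None."""
    try:
        ip = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None  # not a bare IP (e.g. a header value with extra text)
    # Compare IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if any(ip in net for net in NEVER_BLOCK):
        return None  # blocking these would lock out local or admin traffic
    return str(ip)


def drop_offender(raw, watch_dir, stage_dir):
    """Publish a one-line file for `raw` in watch_dir; return its path or None."""
    ip = normalize_offender(raw)
    if ip is None:
        return None
    name = uuid.uuid4().hex + ".txt"  # assumption: any unique name is accepted
    staged = os.path.join(stage_dir, name)
    with open(staged, "w", encoding="ascii", newline="") as fh:
        fh.write(ip + "\n")
    final = os.path.join(watch_dir, name)
    # stage_dir must be on the same volume so this rename is atomic and the
    # directory monitor never reads a half-written file.
    os.replace(staged, final)
    return final
```

Because the address reaching this helper may come from request data the application does not control, the never-block list is what keeps a bad input from turning into a firewall rule against your own management hosts.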
Why don’t you just set up a VPN?
A common response to the IPMuncher product is “Why don’t you just set up a VPN, so you have to be logged in to access these services?” The bottom line is, it’s not always that simple. Either companies are too small to use a VPN, don’t have the technical know-how, or, for technology reasons, it doesn’t work. Also, although a VPN helps alleviate the problem, all it does is change the attack vector (albeit usually to a more complicated one).