Block RDP attacks
You’ve seen it before. You have RDP enabled so you and other admins can get on the server. But, someone is dictionary attacking your server. IPMuncher will watch for these entries, and immediately ban the remote IP.
Block SQL attacks
Your developers need remote access to SQL server. Port 1433 is now open. Within minutes your event log starts filling up with ‘SA’ dictionary attacks. IPMuncher will create the Windows firewall rules to block the remote IP from gaining access to your server.
Block Mail attacks
By default, IPMuncher comes with a built in rule to watch for dictionary attacks against Smartermail servers. If you aren’t running Smartermail, no problem! As long as your SMTP server outputs some type of standard log entry format, IPMuncher will be able to parse it, to help you stop blocking those dictionary attacks.
Block Comment Spam
If you’re a website admin, you’ve probably seen 1000s of these post to your website every hour. Some bot is trying to flood your input forms with the latest pharmaceutical product. Some apps will block these requests, after they’ve already made it to IIS. With IPMuncher, you can block them before the request ever gets to IIS, thereby saving valuable server resources. Simply use your comment spam detector to write out the remote IP address to a text file, and create a FileSystemRule in IPMuncher to monitor for those files, and block the attacking IP.
IPMuncher has a fast, lightweight engine. A small memory footprint, requires less server resources.
IPMuncher allows you to create whitelists of your local server, local network, company network, or even by country.
IPMuncher allows you to create blacklists and inverse blacklists. For example, lets say you know that all your RDP users will be in the US, you could blacklist the world, except for US based IPs.
Country IP Lists
IPMuncher contains the top 10 countries’ IP address lists. These are configurable by the user so that you can update them at any time, in case IP addresses are moved.
Windows Event Log Entries
IPMuncher allows you to create rules based upon Windows event log entries. Monitor the event logs for attacking IPs, and automatically block them, before they become a problem.
Log File Rules
Logfile rules allow you to monitor text based log files from 3rd party applications. IPMuncher will monitor these log files in real time, line by line, for offending IP addresses. Search rules are setup by creating regular expressions to find the IP addresses.
Filesystem rules are slightly different than logfile rules. Filesystem rules allow you to monitor directories for simple one line text files that contain IP addresses. These functionality is useful for scripting or web applications. Simply write the attacking IP to a single line text file, and IPMuncher can start blocking those attacks.
Default rules, ready to go!
IPMuncher comes with 5 default rules, ready to start monitoring your system. They include monitoring for RDP attacks, SQL attacks, login attacks, SmarterMail attacks, and a default filesytem rule.
Missing a Feature?
Missing a feature? We are always looking to improve IPMuncher functionality. Send us an email or comment suggesting a new feature, and get a free license if we implement it!