Intrusion Attack
How they do it
A common method is brute force: attackers try combinations of the accepted character set until they find the specific combination that gains access to the area requiring authorization.
Analyze Log
Traces
Every attack leaves traces in log files...
WinFail2Ban can parse many types of logs (for example: FTP log files, Event Viewer...).
Analyzing multiple log files can be laborious and time-consuming; moreover, it is difficult to correlate the same attacker IP address across multiple sources.
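The correlation problem described above, as an added example (this is not WinFail2Ban's code): failed logins from two sources are merged per source IP, so an address that stays under the threshold in each log alone is still caught. The log layouts, sample lines, the threshold of 5 and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real logs). Assumed simplified layouts:
# FTP: "date time c-ip cs-username cs-method sc-status" (530 = login failed)
FTP_LOG = """\
2024-05-01 10:00:01 203.0.113.7 admin PASS 530
2024-05-01 10:00:03 203.0.113.7 root PASS 530
2024-05-01 10:00:05 198.51.100.4 alice PASS 230
2024-05-01 10:00:09 203.0.113.7 test PASS 530
"""
# Event log export: "timestamp,event_id,account,source_ip" (4625 = failed logon)
EVENT_LOG = """\
2024-05-01T10:01:10,4625,Administrator,203.0.113.7
2024-05-01T10:01:12,4625,guest,203.0.113.7
2024-05-01T10:02:00,4624,alice,198.51.100.4
2024-05-01T10:03:30,4625,bob,192.0.2.55
"""

FTP_FAIL = re.compile(r"^\S+ \S+ (?P<ip>\S+) \S+ PASS 530$")
EVT_FAIL = re.compile(r"^[^,]+,4625,[^,]*,(?P<ip>[^,]+)$")

def failed_ips(text, pattern):
    """Yield the source IP of every line matching a failed-login pattern."""
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            yield m.group("ip")

def correlate(sources, threshold=5):
    """Merge failures per IP across all sources and return the offenders.

    sources: {source_name: (log_text, compiled_pattern)}
    Returns {ip: {source_name: count}} for IPs whose total >= threshold.
    """
    per_ip = defaultdict(lambda: defaultdict(int))
    for name, (text, pattern) in sources.items():
        for ip in failed_ips(text, pattern):
            per_ip[ip][name] += 1
    return {ip: dict(c) for ip, c in per_ip.items()
            if sum(c.values()) >= threshold}

SOURCES = {"ftp": (FTP_LOG, FTP_FAIL), "eventlog": (EVENT_LOG, EVT_FAIL)}

if __name__ == "__main__":
    for ip, counts in correlate(SOURCES).items():
        print(ip, sum(counts.values()), counts)
```

Run against either source on its own, the same threshold flags nothing; only the merged view reaches it.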
Block Attacker
Notification
If somebody is trying to attack your server, you would probably like to be notified...
Firewall Filter
If you like automation, you can block the attacker's IP address with a firewall rule.
We're trying to build an engine that manages local firewall rules as well as remote firewall rules (PIX/Iptables).