IP Warden is a Host Intrusion Prevention tool that monitors the Windows Event logs for unsuccessful logon attempts from any given source IP. Once the number of logon attempts exceeds the configured logon attempt threshold, the offending source IP is added to a custom IP Warden firewall rule within the Windows Firewall. This blocks any further traffic from the offending IP to the server at the Windows Firewall level.
Currently, IP Warden can monitor Remote Desktop, IIS and MSSQL failed logon attempts. We are working on adding more logon monitors, and these will be available soon.
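
The threshold-and-block approach described above, as an added PowerShell example that is not IP Warden's own code: it counts Security-log failed logons (event ID 4625) per source IP and adds offenders to a blocking Windows Firewall rule. The threshold, look-back window, allow-list and rule name are assumptions, and IIS and MSSQL logon failures are not covered here.

```powershell
# Added illustration, not IP Warden's code. Run from an elevated session.
$Threshold = 5                                # assumed: failed logons tolerated per source IP
$Since     = (Get-Date).AddMinutes(-10)       # assumed: look-back window
$RuleName  = 'Example-FailedLogon-Block'      # hypothetical firewall rule name
$AllowList = @('127.0.0.1', '::1')            # assumed: addresses that must never be blocked

# Event ID 4625 in the Security log = "An account failed to log on".
$failed = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4625; StartTime = $Since
} -ErrorAction SilentlyContinue

# Pull the IpAddress field from each event, drop empty / '-' / unparseable
# values and allow-listed addresses, then keep IPs at or over the threshold.
$offenders = @(
    $failed | ForEach-Object {
        $xml = [xml]$_.ToXml()
        ($xml.Event.EventData.Data | Where-Object Name -eq 'IpAddress').'#text'
    } |
    Where-Object { $_ -and ($_ -as [ipaddress]) -and ($_ -notin $AllowList) } |
    Group-Object |
    Where-Object Count -ge $Threshold |
    Select-Object -ExpandProperty Name
)

if ($offenders.Count -gt 0) {
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if ($rule) {
        # Merge with addresses already blocked so earlier entries are kept.
        $current = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        $merged  = @($current) + $offenders |
                   Where-Object { $_ -ne 'Any' } | Sort-Object -Unique
        Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $merged
    } else {
        # First offender(s): create the inbound block rule.
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
            -Action Block -RemoteAddress $offenders | Out-Null
    }
    Write-Output "Blocked: $($offenders -join ', ')"
}
```

Failed-logon auditing must be enabled for 4625 events to be recorded, and the allow-list should include any management addresses so an administrator's own mistyped passwords cannot lock them out.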