mobileFX Spartan RDP Guard is an intrusion detection system (IDS) and host-based intrusion prevention system (HIPS), implemented as a Windows Service.

The service subscribes to Windows Security Event Log and audits failed Remote Desktop Protocol (RDP) login attempts in real-time.

For every failed login attempt it immediately creates an Instant Windows Firewall Block Rule blocking the remote IPv4 address that failed to login.

The service has an allow-list and a DynDNS-list that are used as block exclusion lists. Normally you set your own IPv4 addresses or domain names in those lists.

On regular intervals, instant rules are consolidated into a single mobileFX Spartan RDP Guard Rule, thus keeping your Firewall organized.

Key Features:

• Real-time monitor of Windows Security log
• Instant Firewall rule creation for invading IPv4 address in real-time

• Attacks are saved to SQLite database with date and country information
• Blocked IPv4 addresses are saved to SQLite database with date and country information
• Synchronization of SQLite database and Firewall blocked IP addresses (database first mode)

• Allow-list with IPv4 addresses that are allowed to make an error during login
• DynDNS support with automatic resolution to IPv4 addresses and insertion to Allow-list       
• UI to add and remove allowed and blocked IPv4 addresses and DynDNS domains

• Resolve IPv4 addresses to country, region, sub-region and continent
• Visualization of attacks and blocked IPv4 addresses per country on interactive SVG map
• Live Attacks Map and attack desktop notifications in real-time

• Built-in WebSockets server for remote administration and real-time notifications
• Secure WebSockets with SSL / TLS version selection and SSL certificate
• Secure login to Spartan UI with encrypted password

• Attacks report with date-range filter and/or country filter, sorting and grouping features
• Blocked IPv4 addresses report with sorting and grouping features
• Report columns customization and unlimited grouping
• Country flags rendering aid per attack and blocked IPv4 for ease of visualization
• Epoch / Zulu time conversion to Local Time for convenience
• Export to Excel XLSX format for further processing
• Chart dashboard of Attacks per country and Blocked IPv4 addresses per country
• Interactive charts with rotation and zoom features
• Export chart images to high-resolution PNG images

• Bulk import of IPv4 addresses from free-text using regular expressions
• Import of Windows Event Log EVTX files
• Import of Windows Firewall Text files
• Import of Autoban JSON files

Command Line Interface / Service

 Spartan can run either as a Windows Service or from command line.

 

 

User Interface

When Spartan starts it displays and SVG world map colored in shades of red for Attacks and in shades of purple for Blocked IP addresses.

You can change view between attacks and blocked IP addresses from the radio boxes on the top-left of the map.

The map is interactive and you can zoom and tilt on it. When connected to Spartan service, the map displays in real-time the attacks to your server in vivid red color.

  

In Attacks Log you can query Spartan database for attacks that occurred during a date range or for attacks from a specific country.

In Blocked IPs page you can view, add or remove IP addresses from the block list.

 

You can add bulk IP addresses to Block-list by right-click on the list and selecting the Add Records command. The input dialog is equiped with IPv4 regular expression that can extract any IPv4 address from any text stream.

The extracted IP addresses are displayed in the Parsed tab.

 

 From Spartan UI by choosing Service > Edit Configuration  you can change several service settings.

 

  

The consolidated Windows Firewall Rule used by Spartan: