Host level Intrusion Detection or prevention System

I am looking for a host level intrusion detection system for 32-bit and 64-bit Windows servers. Long story short, we have an attacker who appears to be using a dictionary attack on our servers exposed to the web. We use an RDP gateway server and I am seeing thousands of attempts to authenticate to our server, with usernames like Symantec, POS, dhcp, guest, rob, kat, tony, sales, showroom; it goes on and on. I have been able to track some of the IPs down and created a firewall rule to stop them, but only temporarily. I'm not incredibly worried at the moment since we use good standards for usernames and have password policies enforced.

I would like a way to identify without a bunch of manual work the source IP and alert me. If it could actually block them without manual intervention that would be even better. I'd like to keep the cost below $5,000 if possible.

I apologize if this is posted in the wrong area, I don't think I have ever posted a question here before.
Matt_Greaves Asked:

Dan Craciun, IT Consultant, Commented:
I would make a new Linux box, install and configure snort, barnyard and snorby and use that between your server and the router. It's useful for way more than brute-force attacks.

The initial cost would be minimal, the annual cost for rule updates is $399/sensor. A sensor is a machine that has snort installed.

HTH,
Dan
Matt_Greaves (Author) Commented:
I ended up going with a product called RDP Guard. It was quite cheap and does a great job at stopping dictionary attacks.

Matt_Greaves (Author) Commented:
I needed a host level solution. My solution of using RDP Guard solved the specific question I posted. Dan's was a great solution as well, and long term is likely the better option. His solution, however, was not a quick fix, and since I was in a position where I needed a quick fix, ultimately I felt mine was the better option for the specific scenario I was faced with.
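
The check the question asks for (identify the source IPs behind repeated failed logons and flag them for blocking), sketched as an added example that is not part of the original thread and not how RDP Guard or Snort work internally. It assumes failed-logon events (Windows Security event ID 4625) have been exported to the constructed line format shown; the threshold, window, addresses and rule name are illustrative.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "timestamp event_id username source_ip" per line, an
# assumed export format for Windows Security log events (4625 = failed logon).
SAMPLE = """\
2024-05-01T10:00:01 4625 Symantec 203.0.113.7
2024-05-01T10:00:03 4625 POS 203.0.113.7
2024-05-01T10:00:05 4625 dhcp 203.0.113.7
2024-05-01T10:00:09 4625 guest 203.0.113.7
2024-05-01T10:00:12 4625 rob 203.0.113.7
2024-05-01T10:01:00 4625 jsmith 198.51.100.20
2024-05-01T10:02:00 4624 jsmith 198.51.100.20
2024-05-01T10:20:00 4625 sales 192.0.2.44
2024-05-01T10:50:00 4625 showroom 192.0.2.44
"""

def parse(text):
    """Yield (time, user, ip) for failed logons only; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != "4625":
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[2], parts[3]

def find_attackers(events, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: usernames tried} for IPs with >= threshold failures in a window."""
    recent = defaultdict(deque)   # ip -> (time, user) failures still inside the window
    flagged = {}
    for ts, user, ip in sorted(events):
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(ip, set()).update(u for _, u in q)
    return flagged

def block_rule(ip):
    """Windows Firewall command an operator could run to block one source."""
    return (f'netsh advfirewall firewall add rule name="Block {ip}" '
            f'dir=in action=block remoteip={ip}')

if __name__ == "__main__":
    for ip, users in find_attackers(parse(SAMPLE)).items():
        print(ip, sorted(users), block_rule(ip), sep="\n")
```

A single mistyped password from a legitimate user (198.51.100.20 above) and slow, widely spaced failures (192.0.2.44) stay below the threshold, so the window and count need tuning against real traffic before any rule is applied automatically.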