Awhile back Chrissy @ netnerds.net came up with a script that uses some clever techniques to instantly ban ips attempting to login to Microsoft FTP as Administrator. I took her script and quickly threw together something of my own that curbed dictionary attacks on my FTP server. It's been working ever since but I always promised myself I'd return later and come up with something a bit more robust (and stylish... I don't even want to post the script.) I might be a little late but I finally got around to it. I considered my options and I think I'd like to give it away. Be warned, no warranties are supplied. Use at your own risk.

For your consideration: FTP Defender

Some notes about the project.

• You'll need to add a reference for the file logscrpt.dll which is normally found in %SystemRoot%\system32\inetsrv\ folder. If it's not there you can find it somewhere around the web.
• Check the app.config file for various settings. You'll need to specify a non-existent IP on your network to create the dead route.
• If the build is successful and the app is running you won't see anything. I built it to be managed from anywhere so you have to use Telnet (or some similar app) to interface with it. (Default port: 10139, user: admin, pass: d3f3nd3r)
• Instead of simply banning access to the FTP service, I ban all traffic from the IP by adding a dead route. I'm not really interested in serving anything to someone who's trying to break into my system.
• The application can be configured to remotely access the necessary resources of another machine running the FTP service provided the proper permissions are supplied.
• If you run into trouble, check the log file or the event log from within the application.