IPS & Dictionary Attacks / Multiple Failed Logon Attempts

Unanswered Question
Jul 17th, 2008
User Badges:

Could anyone enlighten me on answering this question:

Could an ASA 5520(IPS) stop a dictionary attack from happening and could it pickup alerts for multiple failed logon attempts inside the network?

Any help would be great. Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
mhellman Thu, 07/17/2008 - 09:00
User Badges:
  • Blue, 1500 points or more

Probably, but it depends entirely on which protocol you're talking about. I have attached a snapshot of signatures containing "authorization failure" in the name. there may be others. You should be able to use these (or a variant) to do what you want.

GoldleafIT Fri, 07/18/2008 - 04:17
User Badges:


Can you post the contents of your attachment? I am not going to open a file on a blog.

mhellman Fri, 07/18/2008 - 05:11
User Badges:
  • Blue, 1500 points or more

It's a jpeg image file. Sorry, no...I'm not going to transcribe the text in the image. FWIW, your browser automatically fetches and open hundreds, probably thousands, of remote images every day as you use the web. The risk is exactly the same. The ONLY different is that you don't have to think about it;-)


This Discussion