IPS - Brute Force Attack event

jorjes1984
Level 1

Hi all

I have an AIP-SSM on an ASA where all traffic is directed to it.

I have a web server connected to the DMZ zone and users connect to it on a secure connection (HTTPS).

So my question is, if someone does a brute force attack to authenticate himself, does the IPS catch this kind of attack?

Does it differ at the IPS level if the server works on HTTP or HTTPS?

3 Replies

Hi Jorjes,

Authentication to which service do you mean (Remote Desktop, Telnet, SSH, FTP, ...)?

Authentication to the server in the DMZ zone (web server, Exchange, ...).

Assume there is an application on the server, and you connect to the server via HTTPS.

Does the IPS trigger any event if someone keeps trying to enter a wrong user name or password (assume he is using brute force attack software)?

Yes, there are a number of signatures responsible for login attacks such as:

3171 : FTP priviledged login

6252 : Rlogin Authorization Failure

5726 : Active Directory Failed Login

3201 : Unix Password File Access Attempt

And many more.

Regards,
