02-18-2009 12:09 PM - edited 03-10-2019 04:30 AM
Hi all,
I have an AIP-SSM on an ASA where all traffic is directed to it.
I have a web server connected to the DMZ zone, and users connect to it over a secure connection (HTTPS).
So my question is: if someone does a brute-force attack to authenticate, does the IPS catch this kind of attack?
Does it differ at the IPS level if the server works on HTTP or HTTPS?
02-19-2009 01:16 AM
Hi Jorjes,
Authentication to which service do you mean (Remote Desktop, Telnet, SSH, FTP, ...)?
02-19-2009 02:44 AM
Authentication to the server in the DMZ zone (web Server, Exchange, ....)
Assume there is an application on the server, and you connect to the server via HTTPS.
Does the IPS trigger any event if someone keeps trying to enter a wrong user name or password (assume he is using brute-force attack software)?
02-19-2009 03:12 AM
Yes, there are a number of signatures responsible for login attacks such as:
3171 : FTP priviledged login
6252 : Rlogin Authorization Failure
5726 : Active Directory Failed Login
3201 : Unix Password File Access Attempt
And many more.
Regards,