Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPS - Brute Force Attack event

HI all

I have an AIP-SSM on a ASA where all traffic is directed to it.

I have a WEB Server connected to the DMZ zone and users connect to it on a secure connection (HTTPS)

So my question is, if someone do a Brute Force Attack to authenticate itself, does the IPS catch this kind of attack???

does it differs on the IPS level if the server works on HTTP or HTTPS?

3 REPLIES

Re: IPS - Brute Force Attack event

Hi Jorjes,

Authenticate to which service do you mean(Remote desktop, telnet, ssh, FTP,...)?

New Member

Re: IPS - Brute Force Attack event

Authentication to the server in the DMZ zone (web Server, Exchange, ....)

Assume there is an application in the on the server, and you connect to the Server via HTTPS

does the IPS trigger any event, if some1 keeps trying to enter wrong user name or password (asssume he is using a Brute force attack software)

Re: IPS - Brute Force Attack event

Yes, there are a number of signatures responsible for login attacks such as:

3171 : FTP priviledged login

6252 : Rlogin Authorization Failure

5726 : Active Directory Failed Login

3201 : Unix Password File Access Attempt

And many other more.

Regards,

399
Views
0
Helpful
3
Replies