Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPS & Dictionary Attacks / Multiple Failed Logon Attempts

Could anyone enlighten me on answering this question:

Could an ASA 5520(IPS) stop a dictionary attack from happening and could it pickup alerts for multiple failed logon attempts inside the network?

Any help would be great. Thanks.

5 REPLIES
Gold

Re: IPS & Dictionary Attacks / Multiple Failed Logon Attempts

Probably, but it depends entirely on which protocol you're talking about. I have attached a snapshot of signatures containing "authorization failure" in the name. there may be others. You should be able to use these (or a variant) to do what you want.

New Member

Re: IPS & Dictionary Attacks / Multiple Failed Logon Attempts

mhellman,

Can you post the contents of your attachment? I am not going to open a file on a blog.

Gold

Re: IPS & Dictionary Attacks / Multiple Failed Logon Attempts

It's a jpeg image file. Sorry, no...I'm not going to transcribe the text in the image. FWIW, your browser automatically fetches and open hundreds, probably thousands, of remote images every day as you use the web. The risk is exactly the same. The ONLY different is that you don't have to think about it;-)

New Member

Re: IPS & Dictionary Attacks / Multiple Failed Logon Attempts

Thanks for your feedback.

New Member

Re: IPS & Dictionary Attacks / Multiple Failed Logon Attempts

thank you, i was looking for an answer to this for a while!

211
Views
10
Helpful
5
Replies