Hi, and welcome to the forums! If you write an IPS custom signature you can protect almost any service from high connection rates. Basically, the signature detects session inits via the SYN flag. Restrict the sensor to the traffic that you want to protect (ftp, ssh, ...) and combine the 'block' action with a quarantine delay of a couple of minutes. Otherwise the attack just goes on. See this KB article: "Technical Note: creating custom IPS signature to detect a pattern rate - example to detect a Brute-force attack" http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD32342 and an old thread here http://support.fortinet.com/forum/tm.asp?m=63465 for examples.
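
Added example (not part of the post above and not Fortinet code): a small Python model of a per-source SYN rate rule, replayed once with 'block' alone and once with a quarantine delay, to show why the delay matters. The threshold, window, addresses and the reset-on-trigger behaviour are assumptions made for illustration.

```python
from collections import defaultdict, deque

ATTACKER, USER = "203.0.113.7", "198.51.100.20"   # constructed documentation addresses
# Constructed input: one SYN per second from ATTACKER for two minutes, three from USER.
EVENTS = sorted([(t, ATTACKER) for t in range(120)] + [(5, USER), (50, USER), (100, USER)])

def simulate(events, threshold=5, window=10, quarantine=0):
    """Replay (timestamp_s, src_ip) SYN events through a per-source rate rule.

    The rule fires when one source reaches `threshold` SYNs within `window`
    seconds. quarantine=0 models 'block' alone: only the SYN that fires the rule
    is dropped and counting starts over (a simplifying assumption). With
    quarantine > 0 the source is dropped outright for that many seconds.
    Returns (passed, dropped) as dicts of per-source counts.
    """
    recent = defaultdict(deque)      # src -> timestamps still inside the window
    banned_until = {}                # src -> time the quarantine ends
    passed, dropped = defaultdict(int), defaultdict(int)
    for ts, src in events:
        if banned_until.get(src, 0) > ts:
            dropped[src] += 1        # still quarantined: drop without counting
            continue
        q = recent[src]
        q.append(ts)
        while q and q[0] <= ts - window:
            q.popleft()              # forget SYNs older than the window
        if len(q) >= threshold:
            dropped[src] += 1        # rule fires on this SYN
            q.clear()
            if quarantine:
                banned_until[src] = ts + quarantine
        else:
            passed[src] += 1
    return dict(passed), dict(dropped)

if __name__ == "__main__":
    for label, delay in (("block only", 0), ("block + 300 s quarantine", 300)):
        ok, drop = simulate(EVENTS, quarantine=delay)
        print(f"{label}: attacker passed={ok.get(ATTACKER, 0)} "
              f"dropped={drop.get(ATTACKER, 0)} user passed={ok.get(USER, 0)}")
```

In this model 'block' alone still lets four of every five attempts through, while the quarantine cuts the source off after its first burst and leaves the low-rate user untouched.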