Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

How to Block FTP Brute force attacks??

Does anyone know how to configure a signiture to detect when a FTP server is being brute force attacked? It would be nice to have the Fortigate block this.
3 REPLIES 3
abelio
SuperUser
SuperUser

Take a look to FTP_decoder signatures INtrusion Protection->Signature->Protocol Decoder->ftp_decoder specially " FTP.Login.Failed" and " FTP.Bounce.Attack" ones, and adjust Action and protection profiles accordingly.

regards




/ Abel

regards / Abel
Not applicable

I would like to " Drop Session" after several detections of failed login. Is there a way to set a threshold or would it drop session after the first detection? Thanks
abelio

Try with " Reset client" first . Thresholds are pre-defined in traffic anomalies, changing that values requires a deeper study of type of traffic in your network. Take a look to ' IPS Guide' to go further: http://docs.forticare.com/fgt/techdocs/FortiGate_IPS_Guide_01_30005_0080_20070725.pdf

regards




/ Abel

regards / Abel
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors