Knowledge Base

How to block brute force attacks in the network?

Question

We have problems with brute force attacks in the network.
How do I proceed with the configuration to block brute force attacks?

Answer

Create a IDP profile and activate SID 1059803 "RDP Brute Fore Login".
Set log alert and action for this signature ID.
 
In Security Policy Control, apply this IDP rule to corresponding policy for RDP access.
In MONITOR > UTM Statistics > IDP, turn on "Collect Statistics".
If the brute fore attack is detected by IDP, you can find the source IP in MONITOR > UTM Statistics > IDP > Statistics. Then block this source IP address in security policy rule.
 
Additional information: On ATP series, the signature ID of RDP Brute Force Login is 130014.



YES NO

Please leave your comment:

SUBMIT

Question Profile

LANGUAGE:
ARTICLE ID:017932
TYPE:General Info
FIRMWARE:4.35
VIEWS:126
VOTES:1
TECHNOLOGY:
MODEL:USG110,USG1100,USG1900 (view more model name)

Still have trouble with your device? Contact Zyxel technology support team directly!

Contact Zyxel Support