https://community.cisco.com/t5/network-security/ips-brute-force-attack-event/m-p/1140748#M77654 <HTML><HEAD></HEAD><BODY><P>Yes, there are a number of signatures responsible for login attacks such as:</P><P></P><P>3171 : FTP priviledged login</P><P>6252 : Rlogin Authorization Failure</P><P>5726 : Active Directory Failed Login</P><P>3201 : Unix Password File Access Attempt</P><P></P><P>And many other more.</P><P></P><P>Regards,</P></BODY></HTML> Thu, 19 Feb 2009 11:12:47 GMT Mo'ath Al Rawashdeh 2009-02-19T11:12:47Z https://community.cisco.com/t5/network-security/ips-brute-force-attack-event/m-p/1140745#M77651 <P>HI all</P><P>I have an AIP-SSM on a ASA where all traffic is directed to it.</P><P>I have a WEB Server connected to the DMZ zone and users connect to it on a secure connection (HTTPS)</P><P>So my question is, if someone do a Brute Force Attack to authenticate itself, does the IPS catch this kind of attack??? </P><P>does it differs on the IPS level if the server works on HTTP or HTTPS?</P><P></P> Sun, 10 Mar 2019 11:30:55 GMT https://community.cisco.com/t5/network-security/ips-brute-force-attack-event/m-p/1140745#M77651 jorjes1984 2019-03-10T11:30:55Z https://community.cisco.com/t5/network-security/ips-brute-force-attack-event/m-p/1140746#M77652 <HTML><HEAD></HEAD><BODY><P>Hi Jorjes,</P><P></P><P>Authenticate to which service do you mean(Remote desktop, telnet, ssh, FTP,...)?</P></BODY></HTML> Thu, 19 Feb 2009 09:16:08 GMT https://community.cisco.com/t5/network-security/ips-brute-force-attack-event/m-p/1140746#M77652 Mo'ath Al Rawashdeh 2009-02-19T09:16:08Z https://community.cisco.com/t5/network-security/ips-brute-force-attack-event/m-p/1140747#M77653 <HTML><HEAD></HEAD><BODY><P>Authentication to the server in the DMZ zone (web Server, Exchange, ....)</P><P>Assume there is an application in the on the server, and you connect to the Server via HTTPS</P><P>does the IPS trigger any event, if some1 keeps trying to enter wrong user name or password (asssume he is using a Brute force attack software)</P></BODY></HTML> Thu, 19 Feb 2009 10:44:18 GMT https://community.cisco.com/t5/network-security/ips-brute-force-attack-event/m-p/1140747#M77653 jorjes1984 2009-02-19T10:44:18Z https://community.cisco.com/t5/network-security/ips-brute-force-attack-event/m-p/1140748#M77654 <HTML><HEAD></HEAD><BODY><P>Yes, there are a number of signatures responsible for login attacks such as:</P><P></P><P>3171 : FTP priviledged login</P><P>6252 : Rlogin Authorization Failure</P><P>5726 : Active Directory Failed Login</P><P>3201 : Unix Password File Access Attempt</P><P></P><P>And many other more.</P><P></P><P>Regards,</P></BODY></HTML> Thu, 19 Feb 2009 11:12:47 GMT https://community.cisco.com/t5/network-security/ips-brute-force-attack-event/m-p/1140748#M77654 Mo'ath Al Rawashdeh 2009-02-19T11:12:47Z