10-14-2020 01:17 AM
hello,
I want to know if there is any way to prevent a brute-force login attack, e.g. if a user or IP fails to log in 5 times, the ASA or Catalyst switch locks the user or IP for 30 minutes.
How do I configure this?
PS:
on ASA currently, we use: aaa local authentication attempts max-fail 5
This needs manual unlocking of the user, which does not meet our requirement. We want the user or IP to unlock automatically after a period.
thanks
10-14-2020 11:11 AM
I don't believe there is a way to do similar on the ASA.
10-15-2020 04:00 AM
No, I don't think you can do that on a per-user basis. However, what you can do in this case as a workaround is define an ACL and apply it to the device to exempt the IP/subnet defined in it from the blocking, kind of a backdoor access in addition to the console port. By doing that, during the blocking period the device will still allow access from the IP/subnet defined in the ACL. Here is an example:
access-list 150 permit tcp 192.168.0.1 0.0.0.255 any eq 22
login quiet-mode access-class 150
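The thread's conclusion is that the switch can only block login for the whole device, so the per-source behaviour the original poster asked for (5 failures within 300 s lock that source for 30 minutes, then it is released automatically) has to live outside the device. The following is an added example, not code from this thread or from Cisco: it replays constructed syslog lines (the %SEC_LOGIN-4-LOGIN_FAILED field layout is assumed) through that policy, producing lock events and the set of currently locked sources that a collector could turn into temporary ACL entries instead of locking every operator out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Policy the original poster asked for: 5 failures within 300 s lock that source for 1800 s.
MAX_FAILURES, WINDOW, LOCK_FOR = 5, timedelta(seconds=300), timedelta(seconds=1800)
# Constructed sample lines modelled on the IOS %SEC_LOGIN-4-LOGIN_FAILED message (layout assumed).
SAMPLE_LOG = """\
Oct 14 20:00:01 sw3850 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.9] [localport: 22] [Reason: Login Authentication Failed]
Oct 14 20:00:20 sw3850 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.9] [localport: 22] [Reason: Login Authentication Failed]
Oct 14 20:00:30 sw3850 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: netops] [Source: 192.168.0.20] [localport: 22] [Reason: Login Authentication Failed]
Oct 14 20:00:45 sw3850 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 203.0.113.9] [localport: 22] [Reason: Login Authentication Failed]
Oct 14 20:01:10 sw3850 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.9] [localport: 22] [Reason: Login Authentication Failed]
Oct 14 20:01:30 sw3850 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.9] [localport: 22] [Reason: Login Authentication Failed]
"""
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) .*LOGIN_FAILED.*\[Source: ([\d.]+)\]")
TS_FORMAT = "%b %d %H:%M:%S"  # syslog stamps carry no year; the 1900 default is fine for deltas

class LockoutTracker:
    def __init__(self):
        self.failures = defaultdict(deque)  # source -> failure times still inside the window
        self.locked_until = {}              # source -> when its lock expires
    def is_locked(self, src, now):
        return src in self.locked_until and now < self.locked_until[src]
    def observe(self, src, ts):
        """Record one failure at time ts; return True when it triggers a new lock."""
        if self.is_locked(src, ts):
            return False                    # already locked; nothing new to decide
        q = self.failures[src]
        while q and ts - q[0] > WINDOW:     # slide the window: forget stale failures
            q.popleft()
        q.append(ts)
        if len(q) < MAX_FAILURES:
            return False
        self.locked_until[src] = ts + LOCK_FOR
        q.clear()
        return True
    def locked_sources(self, now):
        if isinstance(now, str):            # accept a syslog-style timestamp as well
            now = datetime.strptime(now, TS_FORMAT)
        return sorted(s for s in self.locked_until if self.is_locked(s, now))

def run_policy(log_text):
    """Replay log lines through the policy; return (tracker, [(source, lock time)])."""
    tracker, events = LockoutTracker(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and tracker.observe(m.group(2), datetime.strptime(m.group(1), TS_FORMAT)):
            events.append((m.group(2), m.group(1)))
    return tracker, events
```

With the sample above, 203.0.113.9 is locked at its fifth failure (20:01:30) and released at 20:31:30, while the single failure from 192.168.0.20 never triggers a lock.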
10-14-2020 01:31 AM
We know the switch command:
SW3850(config)#login block-for 120 attempts 5 within 120
Now we just need the ASA command.
10-14-2020 08:09 PM
I tried login block-for 1800 attempts 5 within 300 on my switch.
It seemed to lock login for the whole device, so that would enable a DoS attack.
Is there a way to lock only the user or IP?
thanks
10-14-2020 02:23 AM
Look at some recommendations for Preventing Network Attacks; does this work for you?
https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/protect.html