Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2466
Views
0
Helpful
1
Replies

CISCO ASA 5505 : How to block a ip doing brute force attack on Remote Desktop ?

chdalleux
Level 1
Level 1

‎02-26-2015 08:08 AM - edited ‎03-11-2019 10:33 PM

Hi all,

 

I have a fixed ip and I am under attack by a brute force / hammering on port 3389 for the Remote Desktop Connection.

I want the CISCO 5505 to detect the attack (for example if they try 5 connections in 3 minutes) and then to ban / shun the attacker ip for one day.

Is it possible ? How ?

 

Note : I don't want to change the 3389 port.

Labels:
0 Helpful
1 Reply 1

Collin Clark
VIP Alumni
VIP Alumni

‎02-28-2015 07:55 AM

You would need an IPS module to do that.

http://www.cisco.com/c/en/us/products/collateral/security/intrusion-prevention-system/product_bulletin_c25-528621.html

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card