Query for Cisco FTD Brute Force Attack

pinjar84062 · ‎05-29-2020

Hellow Everyone,

We have a query about Brute force attack. Can Cisco FTD(2110) prevent brute force attack through IPS? I know that, IPS has a brute force attack signature. When i have enabled this signature it do not drops any brute force attack packet. So please tell me how can we prevent this attack or share procedure.
Thanks for advance.

Regards,

Samiul Islam

Marvin Rhoads · ‎05-30-2020

"Brute Force Attack" is not a precise term. What exactly are you trying to protect against?

pinjar84062 · ‎05-30-2020

Hello Sir,

Thanks for your Reply.

I want to prevent ssh attack by IPS Rules.
For example IPS Signature :
source ip: any
destination ip : Our organization Server IP
Source Port: any
Destination Port: SSH/22
Number of SSH TRY for Server: 10
Time Duration: 60 Second
Action: Block and Generate Events.

Is that possible through IPS? Is possible, please share the procedure.

Marvin Rhoads · ‎05-31-2020

It's done via the Network Analysis Policy.

See the following for configuration instructions:

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/detecting_specific_threats.html#ID-2236-00000386

buffkata · ‎07-27-2023

Marvin, Is there are newer guide - for FMC version 7.2.4 and later. Seams that the guide you post is for much older version and not able to find the settings ?