Forum Discussion

Josh_Hildebran1's avatar
Josh_Hildebran1
Icon for Nimbostratus rankNimbostratus
Apr 27, 2007

iRule to thwart FTP brute force attacks?

Perhaps this falls under the FirePass product.. I'm not sure, since I don't have that product.

 

 

I'm curious if there is an "IPS" like rule that can stop FTP brute force attacks. Say after 100 attempts to log in via FTP through an FTP VIP on the BigIP within a 10 minute window, then it stops forwarding packets back to the source IP for a configurable amount of time (or for ever).

 

 

I really need to get an IPS.

1 Reply

  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    You could certainly write something that had this kind of functionality. It would be a little bit involved, but not horribly difficult. I don't know of an example already on DevCentral that does exactly what you're asking, though.

     

     

    There should be some great examples in the forums and codeshare to help you get started. Something like this one has most of the logic and flow done for you already: Click here

     

     

    Colin