For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Aaron_Chandra_3

Icon for Nimbostratus rank

Nimbostratus

Jan 06, 2017

ASM-Dynamic Brute Force Protection

Hi,

Recently we had a brute force kind of attack where multiple login attempt made , the pattern is 3 request per second from 3 different ip's and the same ip's repeat after 20/40 minutes.. it goes on for an 2 hour or more. somehow we blocked it by geo control.. We have decided to create a ASM anamoly detection for brute force. does Dynamic Brute Force Protection prevent this kinf of attack? or do we have to create a custom made signature ? also we worried what if it triggered false positive. Pls let me know your thoughts.

ASM Advanced WAF

2 Replies

Aaron_Chandra_3
Nimbostratus
Jan 06, 2017
Just to add on.. its nt just 3 ip's ,total of 800 ip requests.
TayF5un
Nimbostratus
Jan 06, 2017
You should check the site: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0/21.html

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5