iRule to thwart FTP brute force attacks?

Question

Perhaps this falls under the FirePass product.. I'm not sure, since I don't have that product.&nbsp;
&nbsp;I'm curious if there is an "IPS" like rule that can stop FTP brute force attacks.  Say after 100 attempts to log in via FTP through an FTP VIP on the BigIP within a 10 minute window, then it stops forwarding packets back to the source IP for a configurable amount of time (or for ever).&nbsp;
&nbsp;I really need to get an IPS.

colin_walker_12 · Answer

You could certainly write something that had this kind of functionality. It would be a little bit involved, but not horribly difficult. I don't know of an example already on DevCentral that does exactly what you're asking, though.&nbsp;
&nbsp;There should be some great examples in the forums and codeshare to help you get started. Something like this one has most of the logic and flow done for you already: Click here&nbsp;
&nbsp;Colin

Forum Discussion

iRule to thwart FTP brute force attacks?

1 Reply

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Scenarios where Service Policy should be used over iRule and Vice versa

Issue on connection limit

Request logging: some fields not recorded

ASM Sec-CH-UA-Full-Version-List backquote in Header

F5 Distributed Cloud Services Simulator Connect

Related Content

Implementing The Exponential Backoff Algorithm To Thwart Dictionary Attacks

Exploit PowerShell, Ransomware Attack Report, Active Cyber Defense, Attack to GPS

The HTTP/2 CONTINUATION frame attack

Attacks against Domain Specific Languages, EU Cybersecurity Laws, & Supply Chain Attacks

iRule for Brute Force Password Guessing Attacks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS