Forum Discussion

Jose_Santiago_O's avatar
Jose_Santiago_O
Icon for Nimbostratus rankNimbostratus
May 15, 2008

Prevent ftp brute force attack using irules.

Hi,     Does anyone know how to prevent ftp brute force attacks using irules? I have an ftp server and everyday i see a lot of connections comming from different countries trying to get acc...
application delivery
dev
devops
iRules
Colin_Walker_12's avatar
Colin_Walker_12
Historic F5 Account
May 15, 2008
There are a few different approaches you could try, but the one you outlined above is probably the simplest. Since there is no host header readily available via TMM's inpsection engine, when dealing with an FTP connection, you'll need to use the TCP::collect and TCP::payload commands to collect and inspect the payload data, but you should be able to accomplish basically the same thing as you would with HTTP connections.

 

 

When the connection comes in, collect some data, inspect it to find out what host name the request is intended for. If it doesn't match one of your domains, toss it.

 

 

If you need some help getting started, let us know.

 

 

Colin