F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Tom_9252's avatar
Tom_9252
Icon for Nimbostratus rankNimbostratus
Jan 08, 2016

Suggestions for dealing with SMTP brute force attacks with ASM/PSM

We are in the process of firing up a shiny new ASM solution, and in doing so one of the areas we are looking for help in mitigating is SMTP brute force login attacks. I know that the ASM (or I guess more accurately the PSM) provides a SMTP security profile configuration that has some nice options for actual mail delivery and protocol access, but nothing specific to login.

 

Basically what we are looking to do is very much akin to the login page security options, where we detect SMTP login failures above a certain threshold and block the IP for a period of time.

 

Anyone out there have any suggestions? Something I'm missing (I'm new to ASM so apologies if this is a total n00b question)? Will the ASM in learning mode be able to detect and create a policy option based on this behavior in some other part of the configuration? Something an iRule could do for us?

 

Thanks!

 

ASM Advanced WAF
security
smtp

1 Reply

  • Chris_Grant's avatar
    Chris_Grant
    Icon for Employee rankEmployee
    Feb 01, 2016

    Hey Tom, welcome to the wonderful world of ASM. PSM is actually part of AFM now. Our SMTP protection is not nearly as comprehensive as our HTTP protection. Your best bet for this would be to contact support (and your account team) and ask them to open a request for enhancement to add brute force protection to the SMTP security module.