Skip main navigation (Press Enter).

Imperva Cyber Community

View Only

Back to discussions

Expand all | Collapse all

Brute Force Attack via FTP

Steve Murray08-04-2022 10:27

do you know of a way someone could keep a session open with an FTP while brute forcing it? #CloudWAF(formerlyIncapsula) ...

Sarah Lamont08-05-2022 10:42

Hey Steve, Thanks for posting. I checked in with our team and this was their response... The WAF ...

1. Brute Force Attack via FTP

Like
Steve Murray
Posted 08-04-2022 10:27
Edited by Sarah Lamont 08-04-2022 10:26
do you know of a way someone could keep a session open with an FTP while brute forcing it?

#CloudWAF(formerlyIncapsula)

------------------------------
Steve Murray
Security Engineer, TVM, Appsec, WAF
Nashville TN
------------------------------
2. RE: Brute Force Attack via FTP

Like
Sarah Lamont
Posted 08-05-2022 10:42
Hey Steve,

Thanks for posting. I checked in with our team and this was their response...

The WAF will detect suspicious activity over http/https (80/443)
There are many cases where the attacker/user can send FTP(20/21) over HTTP, in that case, the WAF will flag brute force activity. Imperva WAF also protects against manual brute force attacks. When a user makes repeated attempts to access a system, or successively attempts different credentials following a pattern, Imperva will detect this anomalous activity, block the user and alert security staff.

We can also create an Incaprule for bruteforcing.
https://www.imperva.com/blog/incaprules-brute-force-protection/

I hope this helps. Let me know if you have any more questions.

------------------------------
Sarah Lamont
Digital Community Manager
------------------------------

Powered by Higher Logic

Global message icon