Hey Steve,
Thanks for posting. I checked in with our team and this was their response...
The WAF will detect suspicious activity over http/https (80/443)
There are many cases where the attacker/user can send FTP(20/21) over HTTP, in that case, the WAF will flag brute force activity. Imperva WAF also protects against manual brute force attacks. When a user makes repeated attempts to access a system, or successively attempts different credentials following a pattern, Imperva will detect this anomalous activity, block the user and alert security staff.
We can also create an Incaprule for bruteforcing.
https://www.imperva.com/blog/incaprules-brute-force-protection/
I hope this helps. Let me know if you have any more questions.
------------------------------
Sarah Lamont
Digital Community Manager
------------------------------
Original Message:
Sent: 08-04-2022 09:19
From: Steve Murray
Subject: Brute Force Attack via FTP
do you know of a way someone could keep a session open with an FTP while brute forcing it?
#CloudWAF(formerlyIncapsula)
------------------------------
Steve Murray
Security Engineer, TVM, Appsec, WAF
Nashville TN
------------------------------