Imperva Cyber Community

 View Only
  • 1.  Brute Force Attack via FTP

    Posted 8 days ago
    do you know of a way someone could keep a session open with an FTP while brute forcing it?

    #CloudWAF(formerlyIncapsula)

    ------------------------------
    Steve Murray
    Security Engineer, TVM, Appsec, WAF
    Nashville TN
    ------------------------------


  • 2.  RE: Brute Force Attack via FTP

    Posted 7 days ago

    Hey Steve,

    Thanks for posting. I checked in with our team and this was their response...

    The WAF will detect suspicious activity over http/https (80/443)
    There are many cases where the attacker/user can send FTP(20/21) over HTTP, in that case, the WAF will flag brute force activity. Imperva WAF also protects against manual brute force attacks. When a user makes repeated attempts to access a system, or successively attempts different credentials following a pattern, Imperva will detect this anomalous activity, block the user and alert security staff.

    We can also create an Incaprule for bruteforcing.
    https://www.imperva.com/blog/incaprules-brute-force-protection/

    I hope this helps. Let me know if you have any more questions.



    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------