Block brute force
One can either enable or disable this feature.
The tresholds are set for 1-5 pitches.
>=3 attempts - blocked for 5 minutes
>=10 attempts - blocked for 30 minutes
>=20 attempts - blocked for 2 hours
>=30 attempts - blocked for 1 week
>=40 attempts - blocked for 1 month
This should be possible for all users and if possible for ftp/website access as well (additional to rdp/computer configurable for each intranet site?)
Alexandr Petnitsky commented
Is it possible to use embedded snort for this?
Michael Hommon commented
Make it possible to unlock again an IP too, in case there was a configuration Error.
they never done rigth
German Ruiz commented
The intrusion prevention system is very good. However blocking ip after a number of attempts would be very helpful. Currently I have to manually block ip so thousands of connections are not permanently hitting on our servers.
I give a 3 votes
brute force detection. for ftp http telnet rdp smtp sip.
create a Blacklist and honeypots to have more shield against attacker
and have a report of all data...