Block RDP Bruteforce with IDP Rule

Mario Posts: 62  Ally Member
edited April 14 in Security

At the KB you have an entry about blocking RDP bruteforce over IDP.
I'm not able to find the signature 1059803 as described in the KB.
@Zyxel: Why I can't find this rule?


Accepted Solution

All Replies

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,017  Zyxel Employee
    @ Mario
    Regarding to this case,
    using Zywall110 with IDP version:
    Go to IDP>Profile>Click Add>Extend "Service:RDP", and you will see the RDP Brute Force Login.

  • Mario
    Mario Posts: 62  Ally Member
    Hi Charlie
    Thank you for the feedback. On a USG110 I was able to find this rule.
    But at ATP devices I don't find it. Is this USG only?
  • Mario
    Mario Posts: 62  Ally Member
    edited May 2020
    I've got it, thank you!
    But it's very complicated (or impossible) to find this rule:
    1. diffrent Signature between USG and ATP, but only the one for USG is in the KB
    2. the rule on ATP is "remote desktop protocoll" and on USG it's "RDP"
    3. the serach of the name dosn't let you search with withespace in the name, so you can only serch for "remote" and then you got about 300 result
    4. the advanced search dosn't help also, since the platform is "Linux FeeBSD" and not Windows and Service is MISC and not RDP

    You can choose some of this 4 points as an request to improve the usability of the USG/ATP.

    But thanks, I'll activate and see how it works!

  • NewLab
    NewLab Posts: 2
    Присоединяюсь к треду.
    USG FLEX 100
    130014 активирована, но касперский рапортует о брутфорс атаках на один хост.
    Атаки с периодичностью 3 в минуту.
    В логах тишина.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,017  Zyxel Employee

    Welcome to join the discussion. Can you please leave your message in English since this section we’ll mainly discuss in English to make sure all people here can well understand with each other. Or you’re welcome to leave your question by Russian in our Russian section.

Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!