Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Subscribers 26 subscribers
  • Views 13582 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG rdp brute force protction

Jeroenhuisveilig

Hi all

 

I am enjoying the xg firwall of sphos (SFVH (SFOS 15.01.0 MR-1.1)), really great so far !

 

a lot is clear and works very well, a few things I cannot find or do not know how to get it right. but sure it will come

 But this one I would like to ask here, I have found the bruteforce protection for ftp, but can't find it for RDP

or can I make a own IPS package to protect my windows 7 RDP (3389) pc ?

 

best regards

 

Jeroen



This thread was automatically locked due to age.
Parents
  • 0

    Hi

    ahhh I have found the: Appendix B – IPS - Custom Pattern Syntax ( and the rest of the manual :))

    I start really loving this firewall.

    I have found on some sites some info I will try as ips signiture in the xg.

    it is NOT tested but this is what I found and translated to the xg: content:"|e0|";distance:5;within:1;dstport:3389;flow:from_client;seq:1;offset:1;

    I only miss what I can use for the rate limit then it should be complete.

    I will go further discover the XG

    any tips around this are still very welcome

    Jeroen

  • 0 in reply to Jeroenhuisveilig

    Jeroen,

    XG allows to create custom IPS rules. The appendix has all the info to create custom one. Let us know if you are able to create RDP - Brute force IPS rule and share it.

    Thanks.

  • 0 in reply to lferrara

    Hi,

    sure I will if you can give me more info about tcp rate limit it could be a succes. I am not a certified tcp ip expert so ...

    so far nothing special happend

    Jeroen

Reply Children