FTP Brute-Force Protection
Protection Overview
RdpGuard protects your FTP server from
brute-force attacks.
It monitors the FTP server logs (or port) and blocks the attacker's IP address when the number of
failed login attempts reaches a set limit.
Please check out the instructions below to learn how to enable and configure FTP brute force protection.
To enable and configure FTP brute-force protection
1. Launch RdpGuard Dashboard and click the link next to FTP
FTP Protection Link in RdpGuard Dashboard
The FTP Settings dialog will open:
FTP Detection Engine Settings. Default monitoring method is Logs.
Monitoring method for FTP protocol
The following monitoring methods are supported for FTP protocol:
Log based monitoring
Monitoring via Logs is the recommended default option. This monitoring method works with specific FTP server logs
and is more resource efficient than Traffic.
SSL/TLS connections and username detection are supported.
FTP server
The following FTP servers are supported for now:
Log files directory
Specify log files directory used by selected FTP server.
Traffic based monitoring
Monitoring via Traffic is the second option. This monitoring method works with any FTP server and
uses more resources than Logs.
SSL/TLS connections and username detection are not supported.
FTP Monitoring via Traffic
The following traffic based monitoring methods are supported
-
WinPcap
- Works on all Windows Editions, WinPcap must be installed.
-
Raw Sockets - Does not work on Windows Server 2008 or with firewalls.
FTP port
You may specify multiple comma-separated ports for FTP traffic monitoring.
|
