Block RDP Bruteforce with IDP Rule

Mario  Member, SecuReporterBeta  Posts: 16  Freshman Member
Hi

In the KB you have an entry about blocking RDP brute force via IDP.
I'm not able to find the signature 1059803 as described in the KB.
@Zyxel: Why can't I find this rule?

Thanks
Mario

All Replies

  • Zyxel_Charlie  Zyxel Official Agent  Posts: 859  mod
    @Mario
    Regarding this case,
    using Zywall110 with IDP version:3.2.4.161
    Go to IDP>Profile>Click Add>Extend "Service:RDP", and you will see the RDP Brute Force Login.

  • Mario  Member, SecuReporterBeta  Posts: 16  Freshman Member
    Hi Charlie
    Thank you for the feedback. On a USG110 I was able to find this rule.
    But on ATP devices I don't find it. Is this USG only?
    Mario
  • Mario  Member, SecuReporterBeta  Posts: 16  Freshman Member
    edited May 27, 2020 10:58PM
    I've got it, thank you!
    But it's very complicated (or impossible) to find this rule:
    1. different signatures between USG and ATP, but only the one for USG is in the KB
    2. the rule on ATP is "remote desktop protocol" and on USG it's "RDP"
    3. the search by name doesn't let you search with whitespace in the name, so you can only search for "remote" and then you get about 300 results
    4. the advanced search doesn't help either, since the platform is "Linux FreeBSD" and not Windows, and the Service is MISC and not RDP

    You can choose some of these 4 points as a request to improve the usability of the USG/ATP.

    But thanks, I'll activate and see how it works!
    Mario
