Intrusion Prevention

FTP.Login.Brute.Force

Description

This indicates multiple FTP login failures sent by an FTP server to the same FTP client occurring in a short period of time (200 times in 10 seconds). It indicates that an attacker is attempting a brute force login on the FTP server.

Affected Products

All FTP servers

Impact

Impact of a successful attack could vary, with the worse case being a system compromise.

Recommended Actions

Adjust the threshold to your network.
Monitor the traffic from that network for any suspicious activity.