MSSQL.BruteForce.Login
Description
This signature indicates an anomaly in the usage of the MS SQL protocol.
The default threshold is 50 MS SQL login failures within a short period of time 1 second between a unique pair of hosts. This could indicate an attempt at brute forcing the login by trying multiple user names and passwords. The threshold is configurable based on user's environment.
Affected Products
Any server running MS-SQL.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
It indicates detection of traffic that does not comply to the protocol standard. Monitor the traffic from that network for any suspicious activity.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |