Snort/Suricata: a rule for blocking RDP attacks
-
Hi mates,
I am searching for a rule to limit RDP bursts. I have a lot of connection retries from unknown IPs registered in Windows events.
Due to connections from mobile, I cannot limit the firewall rule to only some IPs.
Is there a way to limit the retries with Snort or Suricata? For example, 3 retries in 5 minutes should be enough...

Thanks all!
-
@delumerlino said in Snort/Suricata: a rule for blocking RDP attacks:
am searching for a rule for limit RDP burst. I have a lot of connection retries from unknown IPs registered in Windows events.
Due to connection from mobile, I cannot limit the firewall rule only from some IPs.
Is there a way to limit the retries with Snort or Suricata? for example, 3 retries in 5 minutes should be enough...

Have a look here:
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node27.html
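An added example, not part of either post above: one way to express the "3 retries in 5 minutes" limit from the question as a local rule, using the `detection_filter` option that both Snort 2.x and Suricata accept. It assumes RDP listens on its default port 3389, that `$EXTERNAL_NET` and `$HOME_NET` are set in the engine configuration, and that the engine runs inline (IPS mode) so `drop` takes effect; the `msg` text and the SID are constructed for illustration.

```snort
# Added example for a local rules file; msg text and sid are constructed values.
# flags:S,12 matches the initial SYN of each new TCP connection (ignoring the two
# reserved/ECN bits), so the rule counts connection attempts, not login failures.
# detection_filter keeps the rule silent until one source address goes past
# 3 such SYNs inside a 300-second window, then lets it match for that source.
# Use "alert" instead of "drop" when the sensor is passive (IDS mode).
drop tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"LOCAL RDP connection attempts over 3 in 5 minutes from one source"; flags:S,12; detection_filter:track by_src, count 3, seconds 300; classtype:attempted-admin; sid:1000001; rev:1;)
```

Because the counter tracks TCP connection attempts per source address, a legitimate mobile client that reconnects several times within five minutes is limited in the same way, so the count may need tuning against normal usage before switching from `alert` to `drop`.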