Forum Discussion

toneman172_1806
Nov 22, 2017

Brute Force Protection

Hello, when configuring brute force protection on v12.1.2, it seems session-based protection overrides dynamic protection, since a user will be blocked after the 'Login Attempts From The Same Client' threshold has been exceeded. Is dynamic protection still acting on brute force attempts even after session-based protection has blocked that session? One more question... can anyone confirm for me that session-based protection does NOT block by IP address? Thanks!!

1 Reply

  • nathe

    Toneman172,

    Session-based and dynamic-based are mitigating two different scenarios, so they won't necessarily compete with each other.

    Session-based centres on cookies, with a malicious user repeatedly attempting to log in with the same browser session on the same client.

    Dynamic is more relevant to tool-based attacks, which don't use cookies and so won't trigger session-based attacks. Here ASM is looking for high-threshold attacks, most likely from different IPs.

    Also, session will send a blocking page in an HTTP response, so it is a client mitigation and not one simply blocking an IP address.

    Hope this helps,

    N
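
A simplified model of the two counters described in the reply above, added as an illustration; it is not F5 code and not part of either post. The thresholds, the event format and the function name `evaluate` are assumptions, and ASM's real dynamic detection is more involved than a single site-wide count.

```python
from collections import Counter

# Assumed thresholds for the illustration, not ASM defaults.
SESSION_LIMIT = 3    # failed logins tolerated per session cookie
DYNAMIC_LIMIT = 10   # failed logins tolerated site-wide per interval


def evaluate(events):
    """Model one detection interval.

    events: iterable of (client_ip, session_cookie_or_None, login_ok).
    Returns (blocked_sessions, dynamic_triggered).
    """
    per_session = Counter()
    blocked_sessions = set()
    total_failed = 0
    for _ip, cookie, login_ok in events:
        if login_ok:
            continue
        total_failed += 1  # the aggregate view needs no cookie at all
        if cookie is None:
            continue       # cookie-less tools are invisible to the session counter
        per_session[cookie] += 1
        if per_session[cookie] > SESSION_LIMIT:
            blocked_sessions.add(cookie)  # keyed on the session, not the IP
    return blocked_sessions, total_failed > DYNAMIC_LIMIT


# Constructed sample data (documentation address ranges).
# One browser session failing repeatedly, plus a second session on the same IP.
BROWSER = [("198.51.100.7", "sess-A", False)] * 5 + [("198.51.100.7", "sess-B", False)]
# A tool that never returns cookies, spread over many source addresses.
TOOL = [(f"203.0.113.{i}", None, False) for i in range(1, 13)]

if __name__ == "__main__":
    print("browser:", evaluate(BROWSER))
    print("tool:   ", evaluate(TOOL))
```

In the browser case only `sess-A` is blocked while `sess-B` on the same address is not; in the tool case no session is ever blocked, yet the aggregate threshold is crossed.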