"Brute Force Attack" message (Full Version)

All Forums >> [ISA Server 2000 General] >> Server Publishing



Message


ksmith -> "Brute Force Attack" message (10.Dec.2001 7:57:00 PM)

Hi:

I recently setup an FTP server and exposed it using a Server Publishing Rule. I was able to log in without any problems for a few days, but now whenever I log in (from any ip address), I get the following message:

530 Brute Force Attack, your IP has been looked, and futher access is not allowed.

If I disable, then re-enable the server rule, the FTP server works again.

Any thoughts about what this means and what I can do about it? What does "looked" mean?

Thanks
Keith





tshinder -> RE: "Brute Force Attack" message (14.Dec.2001 8:17:00 PM)

Hi Keith,

I'm not aware of any documentation on this! I assume that the ISA Server initiated this response, but I don't see anywhere where you can control this behavior. Would be interesting to know which alert triggered this, because then you could trigger the Alert to restart the service.

HTH,
Tom

------------------
http://www.isaserver.org/shinder/


Get It Here!





ksmith -> RE: "Brute Force Attack" message (14.Dec.2001 9:03:00 PM)

Hi:

I figured this one out... the message is actually being generated by the FTP server itself. I had thought this was the firewall initially.

Thanks for your insight.
Keith

quote:
Originally posted by tshinder:
Hi Keith,

I'm not aware of any documentation on this! I assume that the ISA Server initiated this response, but I don't see anywhere where you can control this behavior. Would be interesting to know which alert triggered this, because then you could trigger the Alert to restart the service.

HTH,
Tom






Page: [1]