itman 1,538 Posted December 10, 2019

As far as I am aware, Eset has no protection against it. On the other hand, Kaspersky's IDS has included it since 2014 on all product lines where IDS is included: https://www.kaspersky.com/blog/a-multiheaded-battering-ram-rdp-bruteforce-attacks-on-the-rise/14971/

Most Valued Members Nightowl 187 Posted December 10, 2019

It would be very useful to know that RDP is being brute-forced, and much more so if the attempts were blocked until the user applies some other kind of prevention, like a firewall, changing the password or account lock-out.

Administrators Marcos 4,693 Posted December 11, 2019

EIS+ESSP as well as business products v7+ protect from brute-force attacks by Network protection.

Most Valued Members peteyt 359 Posted December 11, 2019

7 hours ago, Marcos said: "EIS+ESSP as well as business products v7+ protect from brute-force attacks by Network protection."

Does this include RDP?

Administrators Marcos 4,693 Posted December 11, 2019

8 minutes ago, peteyt said: "Does this include RDP?"

Yes, it also covers SQL and SMB brute-force attacks.

Most Valued Members Nightowl 187 Posted December 11, 2019

10 minutes ago, Marcos said: "Yes, it also covers SQL and SMB brute-force attacks."

Does that also apply to File Security? Also, the advanced machine learning settings would be a very nice addition for File Security, because too many files just come through the servers.

Administrators Marcos 4,693 Posted December 11, 2019

10 minutes ago, Rami said: "Does that also apply to File Security? Also, the advanced machine learning settings would be a very nice addition for File Security, because too many files just come through the servers."

Yes, EFSW v7.x has it as well.

Most Valued Members Nightowl 187 Posted December 11, 2019

2 minutes ago, Marcos said: "Yes, EFSW v7.x has it as well."

OK, thank you very much. I will just wait for the advanced machine learning settings that came to the endpoints and consumer products; they would be very useful for 0-day threats or never-before-seen threats.

itman 1,538 Posted December 11, 2019 Author

9 hours ago, Marcos said: "EIS+ESSP as well as business products v7+ protect from brute-force attacks by Network protection."

I was aware that an RDP setting existed in Eset IDS. However, per Eset online help, it only covers:

Quote: "Protocol RDP – Detects and blocks various CVEs in the RDP protocol (see above)."

https://help.eset.com/eis/13/en-US/idh_config_epfw_advanced_settings.html

As far as I am aware, CVEs only pertain to known hardware/software vulnerabilities. A brute force RDP attack does not fall into this category, to the best of my knowledge.

itman 1,538 Posted December 11, 2019 Author

Maybe the way to proceed is to verify Eset's RDP brute force password protection. For anyone using RDP, here is an article listing a number of RDP brute force attack tools that are readily available for penetration testing: https://resources.infosecinstitute.com/popular-tools-for-brute-force-attacks/