virus logo Intrusion Prevention

PostgreSQL.Login.Brute.Force

description-logoDescription

This signature indicates a possible PostgreSQL Login Brute Force attempt.
A remote attacker might be sending multiple combinations of usernames and passwords to authenticate into a PostgreSQL server. The signature is triggered if there are more than 80 failed login attempts within 5 second. The threshold is configurable based on user's environment.

affected-products-logoAffected Products

Any PostgreSQL server

Impact logoImpact

Impact of a successful attack could vary, with the worse case being a system compromise.

recomended-action-logoRecommended Actions

Adjust the threshold to your network.
Monitor the traffic from that network for any suspicious activity.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-04-30 15.831 Default_action:pass:drop
2020-04-20 15.823
ID 48914
Created Apr 20, 2020
Updated Jul 10, 2023
Risk black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS All
Affected App PostgreSQL