PostgreSQL.Login.Brute.Force
Description
This signature indicates a possible PostgreSQL Login Brute Force attempt.
A remote attacker might be sending multiple combinations of usernames and passwords to authenticate into a PostgreSQL server. The signature is triggered if there are more than 80 failed login attempts within 5 second. The threshold is configurable based on user's environment.
Affected Products
Any PostgreSQL server
Impact
Impact of a successful attack could vary, with the worse case being a system compromise.
Recommended Actions
Adjust the threshold to your network.
Monitor the traffic from that network for any suspicious activity.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |