I want to create a DI rule to prevent RDP login brute force (port 3389).
For example, if 10 authentication failures are detected from a specific IP address within 1 minute, then the IP address is blocked. However, I can't find an attack definition for RDP brute force, only HTTP and FTP brute force. Also, there is no signature context for RDP.
Can someone please give me an example of how to create an attack definition for RDP brute force, or at least point me to related information on how to make it? So far the guidance that I found is for SRX, but I'm using ScreenOS 6.3.0r24 on my Juniper SSG-350M.
Thanks.
PS: the attacker IP is not static; it changes after some period of time.
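
The threshold described in the post (10 failures from one source IP within 1 minute, then block), written out as log-side detection logic. This is an added example, not part of the original post and not ScreenOS configuration. The log line format, the function names and the block expiry (`BLOCK_TTL`, included because the source IP rotates) are assumptions.

```python
from collections import defaultdict, deque

THRESHOLD = 10     # failures from one source IP (value from the post)
WINDOW = 60        # seconds (value from the post)
BLOCK_TTL = 3600   # assumption: blocks expire, since the attacker IP changes

def parse(line):
    # Constructed format: "<epoch_seconds> <src_ip> <dst_port> <FAIL|OK>"
    ts, ip, port, result = line.split()
    return int(ts), ip, int(port), result

def detect(lines, threshold=THRESHOLD, window=WINDOW, ttl=BLOCK_TTL):
    """Return (block_time, src_ip, block_expiry) for each block decision.
    Lines are assumed to be in time order."""
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    blocked = {}                    # src_ip -> expiry time of the active block
    decisions = []
    for line in lines:
        ts, ip, port, result = parse(line)
        if port != 3389 or result != "FAIL":
            continue
        if blocked.get(ip, 0) > ts:
            continue                # block still active, nothing new to decide
        q = failures[ip]
        q.append(ts)
        while ts - q[0] >= window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            blocked[ip] = ts + ttl
            decisions.append((ts, ip, ts + ttl))
            q.clear()               # start counting afresh after expiry
    return decisions

def sample_log():
    # Constructed sample: one fast source, one slow source, one success
    fast = [f"{1000 + 5 * i} 203.0.113.7 3389 FAIL" for i in range(12)]
    slow = [f"{2000 + 10 * i} 198.51.100.9 3389 FAIL" for i in range(10)]
    return fast + slow + ["2100 192.0.2.44 3389 OK"]

if __name__ == "__main__":
    for when, ip, expiry in detect(sample_log()):
        print(f"t={when}: block {ip} until t={expiry}")
```

The slow source in the sample never reaches 10 failures inside any 60-second window, so it is not blocked; lowering the rate below the threshold is the usual way such rules are evaded.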