WAF & Directory Brute Forcing
WAF & Bruteforcing
The AWS WAF account takeover prevention (ATP) managed rule group inspects malicious requests that attempt to take over your account. For example, brute force login attacks that use trial and error to guess credentials and gain unauthorized access to your account.
The ATP rule group is an AWS managed rule group that contains predefined rules that provide visibility and control over requests performing anomalous login attempts.
Use the following subset of rules in the ATP rule group to help block brute force attacks:
VolumetricIpHigh Inspects for high volumes of requests sent from individual IP addresses.
Inspects for attempts that use password traversal.
Inspects for attempts that use long lasting sessions.
Inspects for attempts that use username traversal.
VolumetricSession Inspects for high volumes of requests sent from individual sessions.
Inspects for missing credentials.
A combination of the following could potenially help bypass a WAF when directory bruteforcing or login bruteforcing.
- Rotate your IP
- Use a Legitimate User Agent instead of feroxbuster, gobuster, nesus, etc...
- Rotate your user agent
- Add a delay between requests
- Randomize the delay between requests
- Limit the number of requests sent concurrently
References: Prevent brute force attacks with AWS WAF (amazon.com)