Now over hear instead of us being the attacker, we are the defender, an SOC analyst. We were given a monitoring system which detects suspicious attempts and reports them to us. It reported that FakeBank.com was accessed on the admin endpoint so I had to block the source of the traffic. Joe (the SOC analyst) added rate limiting. Rate limiting helps as it caps the amount of requests a user can send to the server. Dirb works by sending hundreds or thousands of requests per second. which means rate limiting throttles or blocks it. and Web Application Firewall (WAF). The firewall allowed me to block the traffics Ip so that source could not access the website again.
For further actions, you may consider blocking this person and/or reporting abuse
Top comments (0)