HIDS 171006

From Atomicorp Wiki

Rule ID

171006

Message

Multiple rapid Exim authentication failures.

Description

This rule detects when Exim reports a number of authentication failures for the same IP over a long period of time. The threshold is 8 failures in 1 hour.

This detects slow brute force attacks.
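The threshold described above, written as sliding-window detection logic over Exim log lines. This is an added example, not Atomicorp's rule definition; the log line shape, the regular expression, the re-arm behaviour after an alert, and the function names are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 8                  # failures, from the rule description
WINDOW = timedelta(hours=1)    # time frame, from the rule description

# Assumed Exim mainlog shape for a failed SMTP AUTH attempt, e.g.
# "... dovecot_login authenticator failed for (helo) [ip]: 535 Incorrect ..."
# The optional ":port" covers logs written with +incoming_port.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"\S+ authenticator failed for .*?\[(?P<ip>[0-9a-fA-F.:]+)\](?::\d+)?: 535 "
)

def detect(lines):
    """Return [(ip, time)] each time one IP reaches THRESHOLD failures in WINDOW."""
    recent = defaultdict(deque)          # ip -> timestamps still inside the window
    alerts = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue                     # not an authentication failure
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > WINDOW:        # expire failures older than one hour
            q.popleft()
        if len(q) >= THRESHOLD:
            alerts.append((m["ip"], ts))
            q.clear()                    # assumption: count afresh after alerting
    return alerts

def sample_log():
    """Constructed log: one IP failing every 7 minutes, one every 10 minutes."""
    start = datetime(2024, 1, 1)
    out = ["2024-01-01 00:00:01 SMTP connection from [192.0.2.10] closed by QUIT"]
    for ip, step in (("203.0.113.7", 7), ("198.51.100.9", 10)):
        for i in range(8):
            ts = start + timedelta(minutes=step * i)
            out.append(f"{ts:%Y-%m-%d %H:%M:%S} dovecot_login authenticator failed "
                       f"for (client) [{ip}]: 535 Incorrect authentication data "
                       f"(set_id=user{i})")
    return sorted(out)                   # timestamp prefix sorts chronologically

if __name__ == "__main__":
    print(detect(sample_log()))
```

The 7-minute source reaches its eighth failure at 00:49 and is flagged; the 10-minute source never has more than seven failures inside any one-hour window and stays below the threshold.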

False Positives

There are no known false positives for this rule.

Tuning Recommendations

None.

Similar Rules

HIDS_171003

HIDS_171004

HIDS_171006


Knowledge Base Articles

None.

Outside References

None.

Notes

None.
