HIDS 171303

From Atomicorp Wiki
Jump to: navigation, search
Rule 171303
Status Active
Alert Message Known brute force attacker.

Contents

[edit] Description

ASL has detected a known brute force attacker that is attempting to brute force accounts in your mail server.

[edit] Troubleshooting

[edit] Solutions

If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off. This will of course allow this attacker to continue to brute force accounts in your mail server.

[edit] False Positives

None. Please do not report this as a false positive unless ASL is incorrectly reporting an event that is:

1) not exim

or

2) you know this is not a brute force attacker, and please provide your mail logs if you believe this is the case and any other information you have have to help us understand what is happening with your system.

[edit] Additional Information

[edit] Similar Rules

None.

[edit] Knowledge Base Articles

None.

[edit] External Articles

None.

Personal tools