HIDS 60904

From Atomicorp Wiki
Jump to: navigation, search
Rule 60904
Status Active
Alert Message Rapid SMTP password incorrect events from the same IP source.

Contents

[edit] Description

ASL has detected multiple failed SMTP login attempts from a single IP within a short period of time. This specifically looks for 6 failures in 8 seconds.

[edit] Troubleshooting

[edit] Solutions

If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off. This will of course allow this attacker to continue to brute force accounts in your mail server.

[edit] False Positives

Please do not report this as a false positive unless ASL is incorrectly reporting an event that is not a login failure for your mail server. To report a false positive, please follow this process:

https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives

[edit] Additional Information

[edit] Similar Rules

HIDS_60905

HIDS_60906

[edit] Knowledge Base Articles

None.

[edit] External Articles

None.

Personal tools