HIDS 60905

From Atomicorp Wiki
Jump to: navigation, search
Rule 60905
Status Active
Alert Message Multiple authentication failures from same source.

Contents

[edit] Description

ASL has detected multiple failed SMTP login attempts from a single IP within a short period of time. This specifically looks for 10 failures in 60 seconds.

[edit] Troubleshooting

[edit] Solutions

If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off.

[edit] False Positives

Please do not report this as a false positive unless ASL is incorrectly reporting an event that is not a login failure for your mail server. To report a false positive, please follow this process:

https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives

[edit] Additional Information

[edit] Similar Rules

HIDS_60904

HIDS_60906

[edit] Knowledge Base Articles

None.

[edit] External Articles

None.

Personal tools