HIDS 60905
From Atomicorp Wiki
Rule 60905 | |
---|---|
Status | Active |
Alert Message | Multiple authentication failures from same source. |
Description
ASL has detected multiple failed SMTP login attempts from a single IP within a short period of time. This specifically looks for 10 failures in 60 seconds.
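The threshold described above (10 failures from one source inside 60 seconds) can be reproduced as a per-source sliding window. This is an added illustration, not ASL's rule or code; the Postfix-style log format, the `find_bursts` and `make_sample` names, the syslog year, and the sample lines are all assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 10                  # failures (from the rule description)
WINDOW = timedelta(seconds=60)  # look-back period (from the rule description)

# Assumption: Postfix-style SASL failure lines; the page names no mail server.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9A-Fa-f.:]+)\]: SASL \w+ authentication failed"
)

def find_bursts(lines, year=2024):
    """Return (ip, time) for each source reaching THRESHOLD failures in WINDOW."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    alerts = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # not an SMTP auth failure, ignore
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] >= WINDOW:
            q.popleft()           # drop failures older than the window
        if len(q) >= THRESHOLD:
            alerts.append((m["ip"], ts))
            q.clear()             # one alert per burst, then start counting again
    return alerts

def make_sample():
    """Constructed log: one fast source, one slow source, one unrelated line."""
    start = datetime(2024, 3, 14, 10, 0, 0)
    events = [(5 * i, "203.0.113.5") for i in range(10)]      # 10 in 45 s
    events += [(10 * i, "198.51.100.7") for i in range(10)]   # 10 in 90 s
    lines = []
    for sec, ip in sorted(events):
        stamp = (start + timedelta(seconds=sec)).strftime("%b %d %H:%M:%S")
        lines.append(f"{stamp} mx1 postfix/smtpd[2101]: warning: unknown[{ip}]: "
                     "SASL LOGIN authentication failed: authentication failure")
    lines.append("Mar 14 10:02:00 mx1 postfix/smtpd[2101]: connect from unknown[192.0.2.9]")
    return lines

if __name__ == "__main__":
    for ip, when in find_bursts(make_sample()):
        print(f"{when:%H:%M:%S} threshold reached for {ip}")
```

The slow source produces the same number of failures but never has more than six inside any 60-second span, so only the fast source reaches the threshold.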
Troubleshooting
Solutions
If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off.
False Positives
Please do not report this as a false positive unless ASL is incorrectly reporting an event that is not a login failure for your mail server. To report a false positive, please follow this process:
https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives
Additional Information
Similar Rules
Knowledge Base Articles
None.
External Articles
None.