HIDS 60905

From Atomicorp Wiki
Jump to: navigation, search
Rule 60905
Status Active
Alert Message Multiple authentication failures from same source.


[edit] Description

ASL has detected multiple failed SMTP login attempts from a single IP within a short period of time. This specifically looks for 10 failures in 60 seconds.

[edit] Troubleshooting

[edit] Solutions

If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off.

[edit] False Positives

Please do not report this as a false positive unless ASL is incorrectly reporting an event that is not a login failure for your mail server. To report a false positive, please follow this process:


[edit] Additional Information

[edit] Similar Rules



[edit] Knowledge Base Articles


[edit] External Articles


Personal tools