Difference between revisions of "HIDS 4151"
From Atomicorp Wiki
m |
m |
||
| Line 9: | Line 9: | ||
= Description = | = Description = | ||
| − | ASL has detected multiple attempts to access a port that the firewall has been told to block. | + | ASL has detected multiple attempts to access a port that the firewall has been told to block, and ASL has blocked it. When ASL detects this occurring, it will also shun the IP address based on the [https://www.atomicorp.com/wiki/index.php/ASL_Configuration#OSSEC_SHUN_TIME OSSEC_SHUN_TIME] configured on the system. |
= Troubleshooting = | = Troubleshooting = | ||
Revision as of 11:52, 3 December 2012
| Rule 4151 | |
|---|---|
| Status | Active |
| Alert Message | Multiple Firewall drop events from same source. |
Contents |
Description
ASL has detected multiple attempts to access a port that the firewall has been told to block, and ASL has blocked it. When ASL detects this occurring, it will also shun the IP address based on the OSSEC_SHUN_TIME configured on the system.
Troubleshooting
False Positives
None.
If you do not wish to block access to this port, please see the Tuning Guidance below.
Tuning Guidance
To configure the firewall to allow connections to this port, please see the ASL firewall documentation page.
Additional Information
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.
