Difference between revisions of "HIDS 4151"
From Atomicorp Wiki
m |
m |
||
| Line 9: | Line 9: | ||
= Description = | = Description = | ||
| − | ASL has detected multiple attempts to access a port that the firewall has been | + | ASL has detected multiple attempts to access a port that the firewall has been configured by the user to block, and ASL has blocked this access. When ASL detects this has occurred multiple times, it will also shun the IP address based on the [https://www.atomicorp.com/wiki/index.php/ASL_Configuration#OSSEC_SHUN_TIME OSSEC_SHUN_TIME] configured on the system. |
= Troubleshooting = | = Troubleshooting = | ||
Revision as of 15:37, 28 December 2012
| Rule 4151 | |
|---|---|
| Status | Active |
| Alert Message | Multiple Firewall drop events from same source. |
Contents |
Description
ASL has detected multiple attempts to access a port that the firewall has been configured by the user to block, and ASL has blocked this access. When ASL detects this has occurred multiple times, it will also shun the IP address based on the OSSEC_SHUN_TIME configured on the system.
Troubleshooting
False Positives
None.
If you do not wish to block access to this port, please see the Tuning Guidance below.
Tuning Guidance
To configure the firewall to allow connections to this port, please see the ASL firewall documentation page.
Additional Information
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.
