Difference between revisions of "HIDS 60205"
Revision as of 10:50, 8 August 2011
Rule ID
60205
Status
Active rule currently published.
Message Example
hostname mod_evasive[12345]: Blacklisting address 1.2.3.4: possible DoS attack.
Description
This rule detects when the mod_evasive module is triggered. mod_evasive is a denial-of-service detection module for Apache; it detects when an IP address exceeds a connection threshold (X connections in Y seconds).
False Positives
This rule can fire on legitimate traffic when that traffic exceeds the thresholds configured for the system.
If you believe that this is a false positive, then either disable the DoS protections in ASL, increase the thresholds or whitelist the IP. The section below provides a link to the process for doing this.
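A triage sketch for this rule's message format, added here as an example and not part of ASL or mod_evasive: it parses the log line shown under Message Example, validates the address, and counts blacklist events per source so that hits from networks you trust (whitelist candidates) are separated from the rest. The function names, the `trusted_networks` parameter and every sample line except the page's own are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches the message format shown under "Message Example"; an optional
# syslog timestamp before the hostname is tolerated (assumption).
MOD_EVASIVE_RE = re.compile(
    r"(?P<host>\S+) mod_evasive\[(?P<pid>\d+)\]: "
    r"Blacklisting address (?P<addr>\S+): possible DoS attack\."
)

def parse_blacklist_event(line):
    """Return (host, pid, ip) for a mod_evasive blacklist line, else None."""
    m = MOD_EVASIVE_RE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("addr"))
    except ValueError:
        return None  # address field is not a valid IP; ignore the line
    return m.group("host"), int(m.group("pid")), ip

def triage(lines, trusted_networks=()):
    """Count blacklist events per address, split by trusted/untrusted source.

    trusted_networks is a hypothetical list of CIDR strings for sources you
    expect to be busy (proxies, monitoring); repeated hits from them point
    to a false positive rather than an attack.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    result = {"trusted": Counter(), "untrusted": Counter()}
    for line in lines:
        event = parse_blacklist_event(line)
        if event is None:
            continue
        ip = event[2]
        bucket = "trusted" if any(ip in n for n in nets) else "untrusted"
        result[bucket][str(ip)] += 1
    return result

# First line is the page's own example; the rest are constructed samples.
SAMPLE_LOG = [
    "hostname mod_evasive[12345]: Blacklisting address 1.2.3.4: possible DoS attack.",
    "Aug  8 10:50:01 web01 mod_evasive[2211]: Blacklisting address 192.0.2.10: possible DoS attack.",
    "Aug  8 10:50:03 web01 mod_evasive[2211]: Blacklisting address 192.0.2.10: possible DoS attack.",
    "Aug  8 10:50:05 web01 sshd[900]: Accepted publickey for admin from 192.0.2.10",
    "Aug  8 10:50:06 web01 mod_evasive[2214]: Blacklisting address 999.1.1.1: possible DoS attack.",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, trusted_networks=["192.0.2.0/24"]))
```

Addresses that land in the `trusted` bucket are the ones to review for whitelisting or a threshold increase before disabling the protection outright.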
Tuning Recommendations
Please see the Mod_evasive wiki page for detailed guidance.
Similar Rules
None.