Difference between revisions of "HIDS 60904"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with " {{Infobox |header1= Rule 60904 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Rapid SMTP password incorrect events from the same IP source. }} = Descript...")
 

Latest revision as of 12:39, 24 September 2014

Rule 60904
Status Active
Alert Message Rapid SMTP password incorrect events from the same IP source.

Contents

[edit] Description

ASL has detected multiple failed SMTP login attempts from a single IP within a short period of time. This specifically looks for 6 failures in 8 seconds.

[edit] Troubleshooting

[edit] Solutions

If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off. This will of course allow this attacker to continue to brute force accounts in your mail server.

[edit] False Positives

Please do not report this as a false positive unless ASL is incorrectly reporting an event that is not a login failure for your mail server. To report a false positive, please follow this process:

https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives

[edit] Additional Information

[edit] Similar Rules

HIDS_60905

HIDS_60906

[edit] Knowledge Base Articles

None.

[edit] External Articles

None.

Personal tools