Difference between revisions of "HIDS 60905"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with " {{Infobox |header1= Rule 60905 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Multiple authentication failures from same source. }} = Description = ASL ...")
 

Latest revision as of 12:40, 24 September 2014

Rule 60905
Status Active
Alert Message Multiple authentication failures from same source.

Contents

[edit] Description

ASL has detected multiple failed SMTP login attempts from a single IP within a short period of time. This specifically looks for 10 failures in 60 seconds.

[edit] Troubleshooting

[edit] Solutions

If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off.

[edit] False Positives

Please do not report this as a false positive unless ASL is incorrectly reporting an event that is not a login failure for your mail server. To report a false positive, please follow this process:

https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives

[edit] Additional Information

[edit] Similar Rules

HIDS_60904

HIDS_60906

[edit] Knowledge Base Articles

None.

[edit] External Articles

None.

Personal tools