HIDS 60905
From Atomicorp Wiki
Latest revision as of 12:40, 24 September 2014
Rule 60905 | |
---|---|
Status | Active |
Alert Message | Multiple authentication failures from same source. |
Description
ASL has detected multiple failed SMTP login attempts from a single IP address within a short period of time. The rule specifically looks for 10 failures in 60 seconds.
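The threshold described above (10 failures from one source in 60 seconds), shown as an added illustration that is not ASL's own rule or code: a per-source sliding-window counter run over constructed log lines. The Postfix-style log format, the host name `mx1`, the strict "under 60 seconds" boundary, and the reset of the count after an alert are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 10                   # failures, from the rule description
WINDOW = timedelta(seconds=60)   # timeframe, from the rule description

# Assumed log shape: Postfix-style SASL failure lines with an ISO timestamp.
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ postfix/smtpd\[\d+\]: warning: \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"SASL \S+ authentication failed"
)

def detect(lines):
    """Return [(source_ip, time_of_triggering_failure), ...] for sorted input."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    alerts = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # not an SMTP authentication failure
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append(ts)
        # Drop failures that have aged out of the 60-second window.
        while ts - q[0] >= WINDOW:
            q.popleft()
        if len(q) >= THRESHOLD:
            alerts.append((m["ip"], ts))
            q.clear()             # assumption: start a fresh count after alerting
    return alerts

def sample_log():
    """Constructed sample: one fast source, one slow source, one non-failure line."""
    base = datetime(2014, 9, 24, 12, 0, 0)
    def fail(offset, ip):
        ts = (base + timedelta(seconds=offset)).isoformat()
        return (f"{ts} mx1 postfix/smtpd[4242]: warning: unknown[{ip}]: "
                "SASL LOGIN authentication failed: authentication failure")
    lines = [fail(i * 5, "203.0.113.7") for i in range(10)]      # 10 failures in 45 s
    lines += [fail(i * 20, "198.51.100.9") for i in range(10)]   # 10 failures in 180 s
    lines.append(f"{base.isoformat()} mx1 postfix/smtpd[4242]: "
                 "connect from unknown[192.0.2.1]")
    return sorted(lines)          # ISO timestamps sort chronologically

if __name__ == "__main__":
    for ip, ts in detect(sample_log()):
        print(f"Multiple authentication failures from same source: {ip} at {ts}")
```

Only the fast source trips the threshold; the source that spreads the same 10 failures over three minutes never has more than three failures inside any one window.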
Troubleshooting
Solutions
If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off.
False Positives
Please do not report this as a false positive unless ASL is incorrectly reporting an event that is not a login failure for your mail server. To report a false positive, please follow this process:
https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives
Additional Information
Similar Rules
Knowledge Base Articles
None.
External Articles
None.