Difference between revisions of "HIDS 60906"
From Atomicorp Wiki
Latest revision as of 12:41, 24 September 2014
| Rule 60906 | |
|---|---|
| Status | Active |
| Alert Message | Slow SMTP password incorrect events from the same IP source. |
Description
ASL has detected multiple failed SMTP login attempts from a single IP within a short period of time. This specifically looks for 24 failures in 240 seconds.
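The threshold described above (24 failures in 240 seconds from one source IP) can be sketched as a per-IP sliding window; this is an added example for illustration, not ASL's rule or code. Assumptions: the log line format, the `parse`, `detect` and `sample` names, the inclusive window boundary and the counter reset after an alert are all hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 24  # failures, from the rule description
WINDOW = 240    # seconds, from the rule description

def parse(line):
    """Constructed format '<ISO time> smtp-auth-fail src=<ip>' -> (time, ip) or None."""
    parts = line.split()
    if len(parts) != 3 or parts[1] != "smtp-auth-fail" or not parts[2].startswith("src="):
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[2][4:]
    except ValueError:
        return None

def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Return (ip, time) for each point where an IP reaches the threshold inside the window."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    alerts = []
    for line in lines:
        event = parse(line)
        if event is None:
            continue  # not an SMTP login failure: never counted
        ts, ip = event
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()  # expire failures older than the window
        if len(q) >= threshold:
            alerts.append((ip, ts))
            q.clear()  # assumption: counting restarts after an alert
    return alerts

def sample(ip, count, step, start="2014-09-24T12:00:00"):
    """Build constructed log lines: `count` failures from `ip`, one every `step` seconds."""
    base = datetime.fromisoformat(start)
    return [f"{(base + timedelta(seconds=i * step)).isoformat()} smtp-auth-fail src={ip}"
            for i in range(count)]

# Constructed sample data (documentation address ranges, not real traffic).
SAMPLE = (sample("203.0.113.7", 24, 10)      # 24 failures in 230 s: meets the rule
          + sample("198.51.100.9", 24, 11)   # 24 failures in 253 s: too slow
          + ["2014-09-24T12:00:05 smtp-auth-ok src=203.0.113.7"])  # success: ignored

if __name__ == "__main__":
    for ip, when in detect(SAMPLE):
        print(f"{when.isoformat()} {ip}: {THRESHOLD} SMTP login failures within {WINDOW}s")
```

The second source shows why the rule is rate-based: the same 24 failures spread over 253 seconds never put 24 events inside one 240-second window.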
Troubleshooting
Solutions
If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off.
False Positives
Please do not report this as a false positive unless ASL is incorrectly reporting an event that is not a login failure for your mail server. To report a false positive, please follow this process:
https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives
Additional Information
Similar Rules
Knowledge Base Articles
None.
External Articles
None.