Difference between revisions of "HIDS 171006"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "'''Rule ID''' 171006 '''Message''' Multiple rapid Exim authentication failures. '''Description''' This rule detects when exim reports a number of incorrect authenticat...")
 

Latest revision as of 13:07, 5 January 2015

Rule ID

171006

Message

Multiple rapid Exim authentication failures.

Description

This rule detects when exim reports a number of incorrect authentication failures for the same IP over a long period of time. The threshold is 8 failures in 1 hour.

This detects slow brute force attacks.

False Positives

There are no known false positive for this rule.

Tuning Recommendations

None.

Similar Rules

HIDS_171003

HIDS_171004

HIDS_171006


Knowledge Base Articles

None.

Outside References

None.

Notes

None.

Retrieved from "https://wiki.atomicorp.com/wiki/index.php?title=HIDS_171006&oldid=5337"
Personal tools