HIDS 60906

From Atomicorp Wiki
Revision as of 12:41, 24 September 2014 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Rule 60906
Status Active
Alert Message Slow SMTP password incorrect events from the same IP source.

Contents

[edit] Description

ASL has detected multiple failed SMTP login attempts from a single IP within a short period of time. This specifically looks for 24 failures in 240 seconds.

[edit] Troubleshooting

[edit] Solutions

If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off.

[edit] False Positives

Please do not report this as a false positive unless ASL is incorrectly reporting an event that is not a login failure for your mail server. To report a false positive, please follow this process:

https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives

[edit] Additional Information

[edit] Similar Rules

HIDS_60904

HIDS_60905

[edit] Knowledge Base Articles

None.

[edit] External Articles

None.

Retrieved from "https://wiki.atomicorp.com/wiki/index.php?title=HIDS_60906&oldid=5109"
Personal tools