HIDS 171006

From Atomicorp Wiki
Revision as of 13:07, 5 January 2015 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Rule ID

171006

Message

Multiple rapid Exim authentication failures.

Description

This rule detects when exim reports a number of incorrect authentication failures for the same IP over a long period of time. The threshold is 8 failures in 1 hour.

This detects slow brute force attacks.

False Positives

There are no known false positive for this rule.

Tuning Recommendations

None.

Similar Rules

HIDS_171003

HIDS_171004

HIDS_171006


Knowledge Base Articles

None.

Outside References

None.

Notes

None.

Personal tools