HIDS 60904
From Atomicorp Wiki
| Rule 60904 | |
|---|---|
| Status | Active |
| Alert Message | Rapid SMTP password incorrect events from the same IP source. |
Contents |
Description
ASL has detected multiple failed SMTP login attempts from a single IP within a short period of time. This specifically looks for 6 failures in 8 seconds.
Troubleshooting
Solutions
If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off. This will of course allow this attacker to continue to brute force accounts in your mail server.
False Positives
Please do not report this as a false positive unless ASL is incorrectly reporting an event that is not a login failure for your mail server. To report a false positive, please follow this process:
https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives
Additional Information
Similar Rules
Knowledge Base Articles
None.
External Articles
None.
