HIDS 171005

From Atomicorp Wiki
Revision as of 14:05, 5 January 2015 by Mshinn (Talk | contribs)


Rule ID

171005

Message

Multiple rapid Exim authentication failures.

Description

This rule detects when Exim reports a high number of authentication failures from the same IP address. The threshold is 8 failures in 2 minutes.
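The threshold logic described above, sketched as an added example (not ASL's own rule code): a per-IP sliding window over Exim authentication-failure lines. The log pattern, the function names, and the sample lines are assumptions constructed for illustration; the 8-failure and 2-minute values come from the description.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 8          # failures, from the rule description
WINDOW_SECONDS = 120   # 2 minutes, from the rule description

# Assumed shape of an Exim mainlog authentication failure; the exact
# pattern ASL matches is not given on this page.
AUTH_FAIL = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ authenticator failed for "
    r".*\[([0-9a-fA-F.:]+)\](?::\d+)?: "
)

def detect(lines):
    """Return [(ip, timestamp)] each time one IP reaches THRESHOLD failures
    inside WINDOW_SECONDS. The per-IP window is cleared after an alert."""
    recent = defaultdict(deque)
    alerts = []
    for line in lines:
        m = AUTH_FAIL.match(line)
        if not m:
            continue  # not an authentication failure
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        # Drop failures that have aged out of the 2-minute window.
        while (ts - q[0]).total_seconds() > WINDOW_SECONDS:
            q.popleft()
        if len(q) >= THRESHOLD:
            alerts.append((m.group(2), m.group(1)))
            q.clear()
    return alerts

def _fail(ts, ip):
    # Builds one constructed failure line (documentation IP ranges only).
    return (f"2015-01-05 {ts} dovecot_login authenticator failed for (User) "
            f"[{ip}]: 535 Incorrect authentication data (set_id=test)")

# Constructed sample log: one rapid source, one slow source, one unrelated line.
SAMPLE = (
    [_fail(f"14:00:{s:02d}", "203.0.113.5") for s in range(0, 40, 5)]   # 8 in 35 s
    + [_fail(f"14:{m:02d}:00", "198.51.100.7") for m in range(10, 18)]  # 8, one per minute
    + ["2015-01-05 14:20:00 1Y8abc-0001Xy-2Z Completed"]
)

if __name__ == "__main__":
    for ip, when in detect(SAMPLE):
        print(f"alert: {ip} reached {THRESHOLD} failures by {when}")
```

The slow source never alerts because no 2-minute window ever holds more than three of its failures, which is the distinction the threshold is meant to draw.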

False Positives

There are no known false positives for this rule.

Tuning Recommendations

None.

Similar Rules

HIDS_171003

HIDS_171004

HIDS_171006


Knowledge Base Articles

None.

Outside References


Notes

ASL has no control over the message generated by your application (in this case sshd). This message is generated by the application, not by ASL, and it is not something ASL can control. ASL is just listening to what your application is "saying", analyzing the "message", and then reporting its significance to you based on its internal understanding of those messages and other events that may (or may not) be occurring on the system.
