Difference between revisions of "HIDS 3356"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "'''Rule ID''' 3356 '''Status''' Active rule currently published. '''Alert Message''' Multiple attempts to send e-mail from black-listed IP address (blocked). '''Descr...")
 

Latest revision as of 12:33, 10 February 2016

Rule ID

3356

Status

Active rule currently published.

Alert Message

Multiple attempts to send e-mail from black-listed IP address (blocked).

Description

This rule detects if your antispam email solution has blocked an IP address 10 or more times 120 seconds. When this occurs, if ASL is configured to take Active Response measures it will do so. By default this means the IP address will be blocked by the firewall by 600 seconds.

False Positives

None.


Tuning Guidance

Contact your email antispam vendor for assistance if this IP address is not sending spam.


Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Personal tools