Difference between revisions of "HIDS 60904"
From Atomicorp Wiki
(Created page with " {{Infobox |header1= Rule 60904 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Rapid SMTP password incorrect events from the same IP source. }} = Descript...") |
Latest revision as of 13:39, 24 September 2014
| Rule 60904 | |
|---|---|
| Status | Active |
| Alert Message | Rapid SMTP password incorrect events from the same IP source. |
Contents |
[edit] Description
ASL has detected multiple failed SMTP login attempts from a single IP within a short period of time. This specifically looks for 6 failures in 8 seconds.
[edit] Troubleshooting
[edit] Solutions
If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off. This will of course allow this attacker to continue to brute force accounts in your mail server.
[edit] False Positives
Please do not report this as a false positive unless ASL is incorrectly reporting an event that is not a login failure for your mail server. To report a false positive, please follow this process:
https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives
[edit] Additional Information
[edit] Similar Rules
[edit] Knowledge Base Articles
None.
[edit] External Articles
None.
