Set IP on IDS on first falied login attempt
Question asked by Joe Helfenstein - August 22 at 2:21 AM

A password bruteforce is running on our mail server from a botnet.

Is it possible to configure an abuse detection rule to put an IP to the IDS after the first failed login try?
It's not possible to set the value "0" on "Failures Before Block".
With value "1" the IP will be adden on the second try.

Best Regards

3 Replies

Reply to Thread
Joe Helfenstein Replied
I would really appreciate an answer... 
Ben Gilstrap Replied
Employee Post Marked As Answer

It currently isn't possible to set up the Failures Before Block value so that it blocks the IP after the first failure.  However, I've submitted this as a feature request for you.
Ben Gilstrap
Regional Sales Executive
SmarterTools Inc.
(877) 357-6278
Joe Helfenstein Replied
Hi Ben

Thank you very much for the information and feature request.

Best regards

Reply to Thread