Set IP on IDS on first falied login attempt
Question asked by Joe Helfenstein - August 22 at 2:21 AM
Answered
Hello

A password bruteforce is running on our mail server from a botnet.

Is it possible to configure an abuse detection rule to put an IP to the IDS after the first failed login try?
It's not possible to set the value "0" on "Failures Before Block".
With value "1" the IP will be adden on the second try.

Best Regards
Joe

3 Replies

Reply to Thread
0
Joe Helfenstein Replied
I would really appreciate an answer... 
0
Ben Gilstrap Replied
Employee Post Marked As Answer
Joe,

It currently isn't possible to set up the Failures Before Block value so that it blocks the IP after the first failure.  However, I've submitted this as a feature request for you.
Ben Gilstrap
Regional Sales Executive
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Joe Helfenstein Replied
Hi Ben

Thank you very much for the information and feature request.

Best regards
Joe

Reply to Thread