I have a local customer with 15 users and yesterday they started getting caught in my IDS Blocks. I freed them up, and a couple hours later they got caught again. I freed them up again and this morning they got caught again. I'm not going to free them up again until I figure out what's going on. This is a first-time occurrence for them, and I've been hosting them for over a decade.
"The IDS rule, Default POP DoS, has been triggered by 220.127.116.11. Detection Type: DenialOfService"
I've looked through the logs and there's nothing in the POP log. It's essentially empty. I was hoping to find IP numbers of POP clients, logins, etc., so I could see which specific machine in their office had gone rogue.
I've looked through all the reports, and while there are some excellent charts showing that there has been an uptick in IDS blocks in the past two days, as well as POP sessions, there is no further, deeper info to help figure out the specific issue. Unless I'm just not seeing it.
We really could use some improved log analytics so stuff like this isn't unattainable.
Thanks for any help.
Mik Muller
Montague WebWorks