IMAP.Login.Brute.Force

description-logoDescription

This indicates a detection of at least 60 failed IMAP logins in 10 seconds which indicate a possible IMAP logins brute force attack.
This is an threshold signature. If needed, please modify the threshold according to your environment.

affected-products-logoAffected Products

All IMAP servers

Impact logoImpact

Impact of a successful attack could vary, with the worse case being a system compromise.

recomended-action-logoRecommended Actions

Adjust the threshold to your network.
Monitor the traffic from that network for any suspicious activity.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-03-21 23.517 Sig Added