IMAP.Login.Brute.Force
Description
This indicates a detection of at least 60 failed IMAP logins in 10 seconds which indicate a possible IMAP logins brute force attack.
This is an threshold signature. If needed, please modify the threshold according to your environment.
Affected Products
All IMAP servers
Impact
Impact of a successful attack could vary, with the worse case being a system compromise.
Recommended Actions
Adjust the threshold to your network.
Monitor the traffic from that network for any suspicious activity.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2023-03-21 | 23.517 | Sig Added |