On Thu, Jun 6, 2013 at 10:14 AM, Jeff Neely <[email protected]> wrote:
> We have a Windows system making many sftp connections to a Linux system in a
> short period of time.  It is 3rd party software that I am being told can't
> be changed to use key exchange.  The result is this is perceived as an
> attack and we start denying the host.  Is there a way to ignore the
> "authentication failure" if it is followed by "Accepted password" message?
>

Probably. Take a look at the alert that triggers the active response.
I'm sure there's a way to quiet it down a bit to not be an issue in
this case.

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.


Reply via email to