Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2039
Views
0
Helpful
1
Replies

Finding IP Address on the DHAP List

CBSi_Mlaun
Level 1
Level 1

‎07-11-2012 09:49 AM

I would like to find the list of IP addresses that are currently on the DHAP. Meaning which IPs are currently being blocked by DHAP and the IP addresses that have been block at any point in a given time frame. Example: the last 24 hours.

Thanks

Labels:
0 Helpful
1 Reply 1

Jeronimo Orona
Level 1
Level 1

‎07-13-2012 05:15 PM

Hello Michael,

You will find entries describing DHAP events in the mail_logs of the Cisco IronPort Email Security Appliance(ESA).

Here is an example of an entry in the mail_logs, where "DHAP" occurred.

"Tue Oct 18 00:25:35 2005 Warning: LDAP: Dropping connection due to
potential Directory Harvest Attack from host=(192.168.10.1', None),
dhap_limit=4, sender_group=SUSPECTLIST"

The following query can be used from the ESA's CLI, to look for DHAP events in the mail_logs:  

grep "dhap_limit=" mail_logs

Regards,

-Jerry Orona

0 Helpful
Customers Also Viewed These Support Documents