Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1884
Views
0
Helpful
4
Replies

How long DHAP blocking connection

Go to solution
agus.pracoyo
Level 1
Level 1

‎06-21-2015 11:48 PM

Hi,

 

I want to configure DHAP, but don't know how long Ironport block sender IP if DHAP threshold is reached. Is it permanent ? or temporary? if temporary can we set the time ?

 

Regards

Agus Pracoyo

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mathew Huynh
Cisco Employee
Cisco Employee

‎06-22-2015 04:35 PM

Hello Agus,

 

It will be a temporary block.

I believe it's fixed to a 1 hour block once threshold met.

 

You can use the command in the CLI > grep “Warning: Dropping connection due to potential Directory Harvest Attack from host=” mail_logs

and it will bring up every instance where the directory harvest was being undertaken.
 
I hope this helps.

Matthew

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Mathew Huynh
Cisco Employee
Cisco Employee

‎06-22-2015 04:35 PM

Hello Agus,

 

It will be a temporary block.

I believe it's fixed to a 1 hour block once threshold met.

 

You can use the command in the CLI > grep “Warning: Dropping connection due to potential Directory Harvest Attack from host=” mail_logs

and it will bring up every instance where the directory harvest was being undertaken.
 
I hope this helps.

Matthew
0 Helpful

Go to solution
agus.pracoyo
Level 1
Level 1
In response to Mathew Huynh

‎06-22-2015 06:14 PM

Thanks a lot Matthew

0 Helpful

Go to solution
Mathew Huynh
Cisco Employee
Cisco Employee
In response to agus.pracoyo

‎06-22-2015 06:17 PM

Happy to help.
Let us know if there is any other questions or issues with DHAP when you go about to using it.

0 Helpful

Go to solution
Bob Fayne
Level 1
Level 1

‎07-09-2015 07:24 AM

No email for you, 1 hour!

You can change that time on a global basis with the Injection Counters Reset Period. From the GUI you can get to the setting under Network and from the CLI it's under listenerconfig/setup.

Network->Listeners->Edit Global Settings

Bear in mind that because this is a global setting it also changes the HAT rate limiting from messages per hour to messages per xxx time. You can set anything from 1 minute to 4 hours.

The main purpose according to docs is to allow high-volume receivers to shorten the time to avoid performance issues. This infers that too high of a setting can(will) introduce performance issues, particularly with memory so I don't recommend setting it much higher than an hour.

0 Helpful
Customers Also Viewed These Support Documents