Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

DHAP: Warning <Directory Harvest Attack Prevention> smtp2.xyz.com: Potential Directory Harvest Attack detected. See the system

Hi ,

I am new to Iron port Spam device, i will be getting below logs from my SPAM BOX on daily basis for every 1 hr starting from 14:00Hrs till next morning 07:30Hrs. Can any one pls let me know what is the impact of it on my mailbox services.

below is the message which i get on regular interval.

*************************************************************************************************************

The Warning message is:

 

Potential Directory Harvest Attack detected.  See the system mail logs for more information about this attack.

 

Version: 7.0.3-005

Serial Number: ********************

Timestamp: 22 Apr 2014 06:25:32 +0400

 

To learn more about alerts, please visit our Knowledge Base.  In many cases, you can find further information about this specific alert.  Please click the Knowledge Base link after logging into our Support Portal at:

 

https://supportportal.ironport.com/irppcnctr/srvcd?u=http://secure-support.soma.ironport.com/products/&sid=900002

 

If you desire further information, please contact your support provider.

 

To open a support request for this issue, access the IronPort C160 and issue the "supportrequest" command. The command sends an email with diagnostic information directly to your IronPort support provider to facilitate a rapid diagnosis of the problem.

 

Thank you.

Sanjay J.

********************************************************************************************************************

1 REPLY
Cisco Employee

Please see the following eKB

Please see the following eKB article, which hopefully may assist you:

https://ironport.custhelp.com/app/answers/detail/a_id/864/kw/directory%20harvest

 

Q: I am receiving the alert "Potential Directory Harvest Attack detected." What does it mean?

 

A: These alerts are informational and you do not need to take any action. An outside mail server attempted too many invalid recipients and triggered the DHAP (Directory Harvest Attack Prevention) alert. This threshold is set in the mail flow policies: Mail Policies > Mail Flow Policy.

 

For more information about this feature please see the AsyncOS Advanced User Guide.

 

You can adjust your alert profile with "alertconfig" to filter these out if you do not wish to receive these alerts.  

 

I hope this helps!

-Robert

(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

304
Views
0
Helpful
1
Replies
CreatePlease to create content