Cisco Support Community
Community Member

Finding IP Address on the DHAP List

I would like to find the list of IP addresses that are currently on the DHAP, meaning which IPs are currently being blocked by DHAP and the IP addresses that have been blocked at any point in a given time frame. Example: the last 24 hours.

Thanks

1 REPLY
Community Member

Finding IP Address on the DHAP List

Hello Michael,

You will find entries describing DHAP events in the mail_logs of the Cisco IronPort Email Security Appliance (ESA).

Here is an example of an entry in the mail_logs, where "DHAP" occurred.

"Tue Oct 18 00:25:35 2005 Warning: LDAP: Dropping connection due to
potential Directory Harvest Attack from host=(192.168.10.1', None),
dhap_limit=4, sender_group=SUSPECTLIST"

The following query can be used from the ESA's CLI to look for DHAP events in the mail_logs:

grep "dhap_limit=" mail_logs

Regards,

-Jerry Orona
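
To turn the entries that grep returns into a per-host list for a time frame such as the last 24 hours, the script below parses exported mail_logs lines and reports each dropped host with its drop count and last-seen time. It is an added example, not part of the original reply or Cisco's tooling, and it assumes one entry per line in the format quoted above; `dhap_hosts`, `SAMPLE` and the sample addresses are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

TS_FMT = "%a %b %d %H:%M:%S %Y"  # e.g. "Tue Oct 18 00:25:35 2005"
# Timestamp, then the host tuple of a DHAP drop. The quotes around the IP are
# optional because the entry quoted above shows only a closing one.
DHAP_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) .*"
    r"Directory Harvest Attack from host=\('?(?P<ip>[0-9A-Fa-f.:]+)'?,"
    r".*dhap_limit=(?P<limit>\d+)"
)

_MSG = ("Warning: LDAP: Dropping connection due to potential Directory "
        "Harvest Attack from host=({host}, None), dhap_limit=4, "
        "sender_group=SUSPECTLIST")
# Constructed sample lines (assumption: one log entry per line in the file).
SAMPLE = [
    "Sun Oct 16 23:00:00 2005 " + _MSG.format(host="'192.168.10.9'"),
    "Mon Oct 17 03:12:10 2005 " + _MSG.format(host="'192.168.10.1'"),
    "Tue Oct 18 00:25:35 2005 " + _MSG.format(host="192.168.10.1'"),
    "Tue Oct 18 00:26:02 2005 Info: Start MID 42 ICID 1201",  # not a DHAP entry
    "Tue Oct 18 00:40:00 2005 " + _MSG.format(host="'192.168.10.22'"),
]


def dhap_hosts(lines, now, window=timedelta(hours=24)):
    """Return {ip: (drop_count, last_seen)} for DHAP drops in [now - window, now]."""
    hits = {}
    for line in lines:
        m = DHAP_RE.search(line)
        if not m:
            continue  # unrelated log entry
        seen = datetime.strptime(m.group("ts"), TS_FMT)
        if not (now - window <= seen <= now):
            continue  # outside the requested time frame
        count, last = hits.get(m.group("ip"), (0, seen))
        hits[m.group("ip")] = (count + 1, max(last, seen))
    return hits


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives a stable result;
    # use datetime.now() against real logs.
    now = datetime(2005, 10, 18, 1, 0, 0)
    for ip, (count, last) in sorted(dhap_hosts(SAMPLE, now).items()):
        print(f"{ip}\t{count}\t{last:%Y-%m-%d %H:%M:%S}")
```

The timestamps in mail_logs carry no time zone, so `now` must be given in the appliance's local time for the window to line up.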
