Block IP for authentication attempts using invalid accounts
Question asked by Warren Flack - March 6 at 12:26 PM
Unanswered
Hello All,

Is there a way with current IDS rules to automatically add an IP to the blacklist for accounts trying to authenticate with user accounts that do not exist on any domain/alias?

I'm seeing an increase in activity where ip's are randomly trying different usernames vs bruteforce on a single account.

Appreciate any suggestions you might have.

Many Thanks,

Warren.

Reply to Thread