Block IP for authentication attempts using invalid accounts
Question asked by Warren Flack - 3/6/2019 at 12:26 PM
Hello All,

Is there a way with current IDS rules to automatically add an IP to the blacklist for accounts trying to authenticate with user accounts that do not exist on any domain/alias?

I'm seeing an increase in activity where ip's are randomly trying different usernames vs bruteforce on a single account.

Appreciate any suggestions you might have.

Many Thanks,


Reply to Thread