SMB : SMB: User Password Brute-force Attempt

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
BPry
Cyber Elite

 

My appologies, I didn't look at the threat-id very close and mistook it for a error that we were having earlier. 

1) Make sure that your Vulnerability Protection Profile isn't changed from the default action.

2) In the meantime you might want to setup a rule that allows the application connection from Trust users to that specific IP address with everything except a Vulnerability Protection Profile to mediate the issue for the time being. If I would have to guess though your Protection Profile is set to something other then default. 

It might be a good idea to have your programmers look at the application though. It sounds like if someone enters in the wrong password then the application is rapidly trying to login without a pre-defined wait period between authentification tries. Unless this is happening everytime a user logs in but I imagine it would be a more pressing issue if they physically could not access the application. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!