Hi,
I am using SMG 10.6.1-4 and I am experiencing daily administrative notification messages like "Alert - Login failures occur from a single IP"; literally thousands of them.
Someone tries to authenticate using the following users on port 587 (via LDAP query).
User      Number of login failures per single user
=============
smtp      928
backup    955
user      955
info      955
admin     955
test      366
................
=============
I am pretty concerned. However, I can't figure out a way to lock them out, because of course the IP address changes day by day/attack by attack.
My firewall logs show 1 entry for a single connection but on that single connection (I suppose), thousands of authentication tries are performed.
I already contacted Symantec support and they told me there is no native way to deal with it.
I kindly ask:
1) What can I do? Has SMG a way/mechanism to deal with it? How?
2) If not, what do you suggest? Is there a Symantec product to purchase and use together with SMG that can help?
I could configure an AD account lockout strategy but it has many other implications.
Please help.
Thanks, best regards.