Hello All
Today I was checking my logs, No problem until I saw couples of anonymous access (just trying) to SMB but They were failed because no guests are allowed. so what should i do to prevent such connection? can i drop them totally?
fortunately i drop SHH and FTP Brute, but can anyone help me what to rule for SMB??
any idea?
firewall doesn’t know if the user will enter correct password or not. you cannot differentiate bad connections from good connections like that.