Intrusion Prevention

MS.OWA.Brute.Force

Description

This indicates an attempt to perform a Brute Force attack against a Microsoft Outlook Web App server.
The attack consists of multiple requests intended to conduct a brute force login or to confirm the existence of usernames, launched at a rate of about 15 times in 1 seconds.

Affected Products

Microsoft Outlook Web App 2003 server
Microsoft Outlook Web App 2007 server
Microsoft Outlook Web App 2010 server
Microsoft Outlook Web App 2013 server

Impact

Impact of a successful attack could vary, with the worse case being a system compromise.

Recommended Actions

Adjust the threshold according to your network.
Monitor the traffic from that network for any suspicious activity.