It would be best to look at the services running on the reported attacker and determine if there is a legitimate reason for it to attempt an SMB logon to the victim system and cause 9 logon failures in a 30-second period. Perhaps an automated service is still attempting to log into the victim system with outdated credentials.