Brute Force 192.168.1.1?

Have NC server (18.0.10) running in a VirtualBox Ubuntu instance, and see in my logs many of the following:

[core] Info: Bruteforce attempt from “192.168.1.1” detected for action “login”.

PROPFIND /remote.php/webdav/Work/Brookhaven%202016%20NYS%20Supplement.docx
from 192.168.1.1 at 2020-10-31T23:16:46+00:00

The strange thing is the username that is attempting to log in is an email address I use only in work.
So, I'm wondering if someone figured my work email out (not too difficult) and is flooding my server with login attempts.

Any suggestions on what I should do?

Seems like a typical job for fail2ban.

Understood…

If the attack is from 192.168.1.1 (through my router), is there any way to resolve the original IP?

I don’t think this is an intrusion attempt (although fail2ban is always a good idea). You should duckduckgo the web for “PROPFIND /remote.php/webdav/”.
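
Added example, not part of the original thread: one way to check whether the flagged requests look like a single WebDAV client retrying with bad credentials is to group the brute-force entries by method, URL and user agent. It assumes nextcloud.log is JSON lines with the fields `remoteAddr`, `method`, `url`, `userAgent` and `message`; the sample lines, file path and user agents are constructed, and the classification is only a heuristic.

```python
import json
from collections import Counter

# Constructed sample in the assumed JSON-lines layout of nextcloud.log.
# Only the message text and the /remote.php/webdav/ prefix come from the thread.
SAMPLE_LOG = r'''
{"time":"2020-10-31T23:16:46+00:00","remoteAddr":"192.168.1.1","method":"PROPFIND","url":"/remote.php/webdav/Work/a.docx","userAgent":"ExampleOfficeClient/1.0","message":"Bruteforce attempt from \"192.168.1.1\" detected for action \"login\"."}
{"time":"2020-10-31T23:16:51+00:00","remoteAddr":"192.168.1.1","method":"PROPFIND","url":"/remote.php/webdav/Work/a.docx","userAgent":"ExampleOfficeClient/1.0","message":"Bruteforce attempt from \"192.168.1.1\" detected for action \"login\"."}
{"time":"2020-10-31T23:17:02+00:00","remoteAddr":"192.168.1.1","method":"GET","url":"/index.php/apps/files/","userAgent":"ExampleBrowser/1.0","message":"unrelated entry"}
'''

WEBDAV_PREFIXES = ("/remote.php/webdav/", "/remote.php/dav/")


def summarize(log_text):
    """Count entries flagged as brute force, keyed by (method, url, userAgent)."""
    groups = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(entry, dict):
            continue
        if "Bruteforce attempt" not in str(entry.get("message", "")):
            continue
        groups[(entry.get("method"), entry.get("url"), entry.get("userAgent"))] += 1
    return groups


def looks_like_stale_client(groups):
    """Heuristic: every flagged request is WebDAV traffic from one user agent."""
    if not groups:
        return False
    agents = {agent for _, _, agent in groups}
    all_webdav = all((url or "").startswith(WEBDAV_PREFIXES) for _, url, _ in groups)
    return len(agents) == 1 and all_webdav


if __name__ == "__main__":
    found = summarize(SAMPLE_LOG)
    for key, count in found.most_common():
        print(count, *key)
    print("single WebDAV client pattern:", looks_like_stale_client(found))
```

If the flagged entries spread across several user agents or hit non-WebDAV URLs, the heuristic returns False and the entries deserve a closer look.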