The release notes for the latest firmware mention there being a lockout, where it'll pause after 10 failed logins.

Is there anything in the protocol or from the firmware that will allow detecting that this has happened?

Is there anywhere to disable this?

Otherwise it's just inviting problems. Anything mis-configured can then disrupt and block legit connection attempts.