NTLM.Authentication.Brute.Force
Description
This indicates detection of a NTLM Authentication Brute Force attempts.
The attack consists of multiple NTLM authentication requests intended to conduct a brute force attack, launched at a rate of about 200 times in 10 seconds.
Affected Products
All vulnerable applications utilizing NTLM Authentication
Impact
System Compromise: Remote attackers can gain access to the service provided by the vulnerable systems.
Recommended Actions
Monitor the traffic from that network for any suspicious activity.
Adjust the threshold for the signature accordingly.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |