NTLM.Authentication.Brute.Force

description-logoDescription

This indicates detection of a NTLM Authentication Brute Force attempts.
The attack consists of multiple NTLM authentication requests intended to conduct a brute force attack, launched at a rate of about 200 times in 10 seconds.

affected-products-logoAffected Products

All vulnerable applications utilizing NTLM Authentication

Impact logoImpact

System Compromise: Remote attackers can gain access to the service provided by the vulnerable systems.

recomended-action-logoRecommended Actions

Monitor the traffic from that network for any suspicious activity.
Adjust the threshold for the signature accordingly.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-07-22 15.892 Default_action:pass:drop
2020-06-22 15.869
2020-06-11 15.863
2019-06-28 14.641 Sig Added
2019-04-26 14.602 Sig Added
2019-04-18 14.597