Threat Encyclopedia

NTLM.Authentication.Brute.Force

description-logoDescription

This indicates detection of a NTLM Authentication Brute Force attempts.
The attack consists of multiple NTLM authentication requests intended to conduct a brute force attack, launched at a rate of about 200 times in 10 seconds.

affected-products-logoAffected Products

All vulnerable applications utilizing NTLM Authentication

Impact

System Compromise: Remote attackers can gain access to the service provided by the vulnerable systems.

recomended-action-logoRecommended Actions

Monitor the traffic from that network for any suspicious activity.
Adjust the threshold for the signature accordingly.