Threat Encyclopedia



This indicates detection of a NTLM Authentication Brute Force attempts.
The attack consists of multiple NTLM authentication requests intended to conduct a brute force attack, launched at a rate of about 200 times in 10 seconds.

affected-products-logoAffected Products

All vulnerable applications utilizing NTLM Authentication


System Compromise: Remote attackers can gain access to the service provided by the vulnerable systems.

recomended-action-logoRecommended Actions

Monitor the traffic from that network for any suspicious activity.
Adjust the threshold for the signature accordingly.