SMB: Microsoft Windows NTLM Login Authorization Failure
This signature detects failed attempts to login using NTLM Server Message Block. Attackers can be attempting to guess a username's password, or a valid user might not remember their password.
Extended Description
If a client fails to properly authenticate using NTLM, the server issues an authentication-failure response and denies access to the protected resources. Repeated authentication failures may indicate that an attacker is attempting to guess the password using brute force attacks. It may also be the result of a password being forgotten or mistyped by a legitimate user.
References
Short Name
SMB:NTLM-LOGIN-FAILED
Severity
Warning
Recommended
False
Recommended Action
None
Category
SMB
Keywords
Authorization Failure Login Microsoft NTLM Windows
Release Date
09/30/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3324
False Positive
Unknown