Smb Login Windows ^hot^ -

Because SMB exposes TCP ports (139 and 445), it is a common vector for brute-force attacks. Attackers attempt to guess passwords against valid usernames harvested via SMB null sessions or LDAP queries.

If you need the "source of truth" for how Windows handles SMB authentication, Microsoft’s is the most comprehensive technical paper. smb login windows

Wherever possible, force Kerberos authentication over NTLM. Kerberos is immune to standard relay attacks. Because SMB exposes TCP ports (139 and 445),