Attack: SMB Sniffer Negotiate Protocol Challenge Key 2Now when I googled that it returned a page which gives a bit more information.
URL: https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26956
On that page it says:
This signature detects attempts to sniff SMB usernames and passwords through a known challenge key which can then be used to crack the passwords offline.The key words there are "through a known challenge key". Responder uses the default challenge key of 1122334455667788 and that is how SEP detected this attack. Responder is awesome and has a config file that allows you to change the challenge key to what ever you want, which then bypasses SEP detection of the attack. The config file is found in /usr/share/responder/ on kali 2 systems, simply change the challenge key to something like 2211334455667788 and your attacks will go unnoticed by SEP. Happy hacking :)