[Snort-sigs] pwdump, l0phtcrack, hash extraction
bmc at ...95...
Tue Jul 20 07:13:01 EDT 2004
On Tue, Jul 20, 2004 at 09:05:32AM -0400, Matt Sheridan wrote:
> I may be missing something obvious - but I can't seem to find a snort sig
> for pwdump/3 or any other hash extraction utility. I haven't myself done a
> packet analysis, so it may just be a lack of fingerprint. I have a
> secondary commercial IDS which does have a signature for pwdump, which
> indicates some matter of identification. If I am missing something
> out-of-the-box, forgive me. Any thoughts?
Grab a pcap, and write a rule for it. :)
If you want someone else to write a rule for it, grab a pcap and
forward it to the list. (or to myself if you don't want to share with
the whole world)