[Snort-sigs] pwdump, l0phtcrack, hash extraction

Brian bmc at ...95...
Tue Jul 20 07:13:01 EDT 2004


On Tue, Jul 20, 2004 at 09:05:32AM -0400, Matt Sheridan wrote:
> I may be missing something obvious - but I can't seem to find a snort sig 
> for pwdump/3 or any other hash extraction utility. I haven't myself done a 
> packet analysis, so it may just be a lack of fingerprint.  I have a 
> secondary commercial IDS which does have a signature for pwdump, which 
> indicates some matter of identification. If I am missing something 
> out-of-the-box, forgive me. Any thoughts?

Grab a pcap, and write a rule for it.  :)

If you want someone else to write a rule for it, grab a pcap and
forward it to the list.  (or to myself if you don't want to share with
the whole world)



