[Snort-sigs] Kerberos login failure detection

Micheal Cottingham micheal.cottingham at ...2462...
Thu May 6 08:47:02 EDT 2004


I've tried 
http://marc.theaimsgroup.com/?l=snort-sigs&w=2&r=1&s=kerberos&q=b and 
several variations of it, but I cannot for the life of me get Snort to 
detect anything from this. His rule was really close to my own packet 
analysis, but it doesn't seem to work. Windows 2000, Active Directory. 
Any suggestions? Much appreciated.

Micheal Cottingham

_____________________________________
Micheal Cottingham, Comptia A+
micheal.cottingham at ...2462...
1-434-949-1078





More information about the Snort-sigs mailing list