[Snort-sigs] Kerberos login failure detection

Sean Lazar slazar at ...2464...
Sat May 8 21:29:01 EDT 2004


What are your clients? Kerberos, if I am correct, only works with 
Windows 2000 clients and above. Windows 95/98/ME/NT use NTLM authentication.

Sean

Micheal Cottingham wrote:

> I've tried 
> http://marc.theaimsgroup.com/?l=snort-sigs&w=2&r=1&s=kerberos&q=b and 
> several variations of it, but I cannot for the life of me get Snort to 
> detect anything from this. His rule was really close to my own packet 
> analysis, but it doesn't seem to work. Windows 2000, Active Directory. 
> Any suggestions? Much appreciated.
>
> Micheal Cottingham
>
> _____________________________________
> Micheal Cottingham, Comptia A+
> micheal.cottingham at ...2462...
> 1-434-949-1078
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>




More information about the Snort-sigs mailing list