[Snort-sigs] Snort and AD logons

Michael Miller michael.miller at ...1811...
Wed May 17 11:33:04 EDT 2006


We've got an unusual number of administrator logon attempts, but the
sysm logs don't provide much information beyond 'badPwdCount
incremented'. I'm not seeing anything in the Snort rules that looks
into...what, LDAP? Active Directory? Any ideas how I can isolate this
activity to an IP address to research further?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20060517/61c85b55/attachment.html>


More information about the Snort-sigs mailing list