[Snort-users] password detection

Mike Arrison arrison at ...5001...
Mon Mar 18 05:43:03 EST 2002


Howdy,
	I know this request is going to sound really devious, but I assure you my
intentions are completely white-hat.
	I'd like to see how many people are using plain text passwords on my
network.  A few protocols that come to mind are telnet and pop3.  Obviously,
I want to teach them the wonder that is ssh.  I was thinking something like:

content:"PASS";

	Has anyone gone about this before?

     -Mike Arrison





More information about the Snort-users mailing list