[Snort-users] password detection

Crow, Owen Owen_Crow at ...2639...
Mon Mar 18 07:24:12 EST 2002

There's a tool designed for just this purpose (amongst other
even more gray-area purposes) called dsniff:

Good luck,
Owen Crow
Systems Programmer (Unix)
BMC Software, Inc.

> -----Original Message-----
> From: Mike Arrison [mailto:arrison at ...5001...]
> Sent: Monday, March 18, 2002 7:43 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] password detection
> Howdy,
> 	I know this request is going to sound really devious, 
> but I assure you my
> intentions are completely white-hat.
> 	I'd like to see how many people are using plain text 
> passwords on my
> network.  A few protocols that come to mind are telnet and 
> pop3.  Obviously,
> I want to teach them the wonder that is ssh.  I was thinking 
> something like:
> content:"PASS";
> 	Has anyone gone about this before?
>      -Mike Arrison

More information about the Snort-users mailing list