Snort mailing list archives

Re: Snort rule to monitor for a specific user login

From: Jesse Lands <cryptograffiti () gmail com>
Date: Thu, 13 Aug 2009 15:18:53 +0000

If you can see the data in network traffic, you can write a rule to find
it.

--
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/


I guess it would have helped if I was a little more specific.  I want to
monitor for a list of Windows logins used across the network.  Users who
don't have access or shouldn't anymore.  I have a list of logins that are in
use, but don't have a central log collection and have to many computers to
individually check each system.

Thanks again
Jesse

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort rule to monitor for a specific user login Jesse Lands (Aug 13)
- Re: Snort rule to monitor for a specific user login Nigel Houghton (Aug 13)
  - Re: Snort rule to monitor for a specific user login Jesse Lands (Aug 13)
    - Re: Snort rule to monitor for a specific user login Richard Bejtlich (Aug 13)
    - Re: Snort rule to monitor for a specific user login Joel Esler (Aug 13)
    - Re: Snort rule to monitor for a specific user login Will Metcalf (Aug 13)