Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
569
Views
0
Helpful
3
Replies

Windows login signatures

5creedus
Level 1
Level 1

‎08-17-2005 09:22 AM - edited ‎03-10-2019 01:35 AM

Which signature(s) would I use to track failed login attempts to the following O/S?

Windows, Unix and MAC

Labels:
0 Helpful
3 Replies 3

sasa.rasovic
Level 1
Level 1

‎08-17-2005 10:42 AM

I'm not sure how you plan to 'sense' login attempts since all are encrypted. (NTLM, Kerberos...)

You should rather think of using event loggin on the windows platform itself.

Sasa

0 Helpful

5creedus
Level 1
Level 1
In response to sasa.rasovic

‎08-17-2005 10:57 AM

There are signautres for SMB failed logins but those cover attaching to a network share. There are signatures for failed FTP logins. If there are or there are not similar for Windows domain (not local logins) logins I'd like to know as well. Also for the other O/S I mentioned Unix and MAC. Using IDS I can set the severity to high so I get an alert when it fires.

0 Helpful

sasa.rasovic
Level 1
Level 1
In response to 5creedus

‎08-17-2005 11:21 AM

But ftp logins are in clear text. The similiar stands for smb null logins...those signatures are mostly not user adjustible.

I suppose you should check with CSA for that.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card