Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
343
Views
0
Helpful
2
Replies

Custom Sig

james.monroe
Level 1
Level 1

‎10-19-2003 11:01 AM - edited ‎03-09-2019 05:12 AM

How do I create a sig to capture passwords? We are wanting to limit our clients from passing information from inside of our network to the outside.

Labels:
0 Helpful
2 Replies 2

anthall
Level 1
Level 1

‎10-19-2003 08:15 PM

Signature for capturing passwords is specific to the protocol that is being used. Some protocols (anything encrypted) are impossible to catch passwords, others are quite easy (ie. ftp, telnet, etc.).

Let's use ftp as an example. To capture the password you could right a signature with a RegexString of "[Pp][Aa][Ss][Ss].*[\r\n]" and a ServicePorts of 21. This would alarm when anyone logs into an ftp server. You could set a filter to filter out all IN->IN traffic. This would also have the side effect of displaying the password in the context data (if that is what you meant about catching).

0 Helpful

james.monroe
Level 1
Level 1
In response to anthall

‎10-20-2003 02:01 AM

Yes, that is what I ment. I will try http first and see what I get?

0 Helpful
Customers Also Viewed These Support Documents