Snort Sig ?number? Pwdump4 rule

 

  • GEN:SID
  • Message
  • Summary
  • Impact
  • Affected Systems
  • Attack Scenarios
  • Ease of Attack
  • False Positives
  • False Negatives
  • Corrective Action
  • Contributors
  • Additional References
  • ????
  • PWDump4 Password dumping exe copied to victim
  • This event is generated when an PWdump4 has copied the dumping executable on to the victim's windows computer.
  • If sucessful, it is highly likely that dumping the SAM hashes will succeed.
  • Windows Sever/Workstation 2000, XP, ME
  • Offline Password cracking / bruteforcing.
  • Moderate, attacker must have Administrator level access or System level access to or on the victims machine.
  • None known.
  • None known.
  • Disallowing access to shares by firewalling or NTFS ACL's, also disabling the "Remote Registry" service. Antivirus software can be effective at preventing
    access and or intercepting the threat.
  • Rich Rumble <richrumble a+ gmail.com>
  • None.


Copyright © 2008 Xinn.org  |  All Rights Reserved

XHTML 1.0 | CSS 2.0