[Snort-sigs] sid:617 usage requested.

Brian bmc at ...95...
Thu Jan 17 09:03:06 EST 2002


I am also wading through the signatures trying to document them.  This
is a head scratchre.

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SCAN ssh-research-scanner"; flags: A+; content:"|00 00 00 60 00 00 00 00 00 00 00 00 01 00 00 00|"; classtype:attempted-recon; sid:617; rev:1;)

Anyone know what this is, what its looking for, and where I can find
information about it?

-- 
The product of the IQs of each member of a tech-support conversation is 
a constant. -- Michael Driscoll





More information about the Snort-sigs mailing list