[Snort-sigs] Signature for scanning SSH versions
mkettler at ...189...
Thu Jul 24 13:28:12 EDT 2003
At 07:38 PM 7/24/2003 +0200, Hugo van der Kooij wrote:
>You can match the version info but not the probing as you need to check
>the behaviour of packets after you trigger on the packet containing the
>To the best of my knowledge one can not write such signatures.
Theoretically it might be possible using tagging, but tagged rules are a
bit complicated to construct.
More information about the Snort-sigs