[Snort-sigs] Signature for scanning SSH versions

Matt Kettler mkettler at ...189...
Thu Jul 24 13:28:12 EDT 2003


At 07:38 PM 7/24/2003 +0200, Hugo van der Kooij wrote:
>You can match the version info but not the probing as you need to check
>the behaviour of packets after you trigger on the packet containing the
>version info.
>
>To the best of my knowledge one can not write such signatures.
>
>Hugo

Theoretically it might be possible using tagging, but tagged rules are a 
bit complicated to construct. 





More information about the Snort-sigs mailing list