[Snort-sigs] Signature for scanning SSH versions

Wes Young wyoung at ...1639...
Thu Jul 24 17:45:03 EDT 2003


doesnt an ssh request have a signature?? and shouldnt each version have a sig (something that you can find in a syn request)?? To nagociate (sp) the ssh version?

>>> Matt Kettler <mkettler at ...189...> 07/24 4:27 PM >>>
At 07:38 PM 7/24/2003 +0200, Hugo van der Kooij wrote:
>You can match the version info but not the probing as you need to check
>the behaviour of packets after you trigger on the packet containing the
>version info.
>
>To the best of my knowledge one can not write such signatures.
>
>Hugo

Theoretically it might be possible using tagging, but tagged rules are a 
bit complicated to construct. 



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 
_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/snort-sigs





More information about the Snort-sigs mailing list