[Snort-sigs] Signature for scanning SSH versions

Wes Young wyoung at ...1639...
Thu Jul 24 17:45:03 EDT 2003

Doesn't an ssh request have a signature?? And shouldn't each version have a sig (something that you can find in a syn request)?? To negotiate the ssh version?

>>> Matt Kettler <mkettler at ...189...> 07/24 4:27 PM >>>
At 07:38 PM 7/24/2003 +0200, Hugo van der Kooij wrote:
>You can match the version info but not the probing as you need to check
>the behaviour of packets after you trigger on the packet containing the
>version info.
>To the best of my knowledge one can not write such signatures.

Theoretically it might be possible using tagging, but tagged rules are a 
bit complicated to construct. 
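
The distinction drawn in the quoted replies (a version string can be matched, but probing only shows in what happens after it) can be shown as a small stateful check over per-session payloads. This is an added example, not code from the thread or from Snort; the function names and sample traffic are constructed, and it assumes SSH-2, where a real client follows its banner with SSH_MSG_KEXINIT.

```python
import re

# SSH identification string (RFC 4253, section 4.2): SSH-protoversion-softwareversion
BANNER = re.compile(rb"^SSH-(\d+\.\d+)-(\S+)")
SSH_MSG_KEXINIT = 20  # first binary packet an SSH-2 client sends after its banner

def parse_banner(payload):
    """Return (protoversion, softwareversion), or None if not an identification string."""
    m = BANNER.match(payload)
    return (m.group(1).decode(), m.group(2).decode()) if m else None

def is_kexinit(payload):
    """SSH binary packet: uint32 length, byte padding_length, then the message type."""
    return len(payload) >= 6 and payload[5] == SSH_MSG_KEXINIT

def classify_sessions(events):
    """events: (session_id, 'c2s' or 's2c', payload) in capture order -> {session_id: verdict}."""
    state = {}
    for sid, direction, payload in events:
        s = state.setdefault(sid, {"server_banner": None, "client_banner": None, "kex": False})
        if direction == "s2c" and s["server_banner"] is None:
            s["server_banner"] = parse_banner(payload)
        elif direction == "c2s":
            if s["client_banner"] is None and parse_banner(payload):
                s["client_banner"] = parse_banner(payload)
                payload = payload.split(b"\n", 1)[-1]  # data after the banner, same segment
            if is_kexinit(payload):
                s["kex"] = True
    verdicts = {}
    for sid, s in state.items():
        if s["server_banner"] is None:
            verdicts[sid] = "not-ssh"
        elif s["kex"]:
            verdicts[sid] = "normal"
        else:
            # Server disclosed its version, but the client never started key exchange.
            verdicts[sid] = "version-probe"
    return verdicts

# Constructed sample traffic: session 1 proceeds to key exchange, session 2 stops at the banner.
KEXINIT_PKT = b"\x00\x00\x00\x0c\x04" + bytes([SSH_MSG_KEXINIT]) + b"\x00" * 10
SAMPLE = [
    (1, "s2c", b"SSH-2.0-OpenSSH_3.6.1p2\r\n"),
    (1, "c2s", b"SSH-2.0-OpenSSH_3.5p1\r\n"),
    (1, "c2s", KEXINIT_PKT),
    (2, "s2c", b"SSH-2.0-OpenSSH_3.6.1p2\r\n"),
    (2, "c2s", b"SSH-2.0-constructed_client\r\n"),
    (3, "s2c", b"220 mail.example.test ESMTP\r\n"),
]
```

The verdict for a session is only meaningful once the session has ended, which is why a single-packet content match cannot produce it.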
