[Snort-sigs] FPs for ssh: Server version string overflow 3

Russell Fulton r.fulton at ...575...
Mon Apr 28 18:01:37 EDT 2008


Looks like default version string length need raising...

Russell

META	
SID	CID	TimeStamp	Signature	Sig ID
6	13228178	2008-04-28 23:32:34	ssh: Server version string overflow	3
Sensor Hostname	Sensor Interface
monitor-dmzo.isec.auckland.ac.nz	dmz sensor
IP	
Source Address	Dest Address	Ver	Hdr Len	TOS	length	ID	flags	offset	TTL	 
chksum
134.100.222.158	130.216.48.14	4	5	0	84	59426	2	0	109	3480
Resolved Source	Resolved Dest
pc607.math.uni-hamburg.de 	aitken.math.auckland.ac.nz
TCP	
Source Port	Dest Port	Seq	Ack	Offset	Reserved	Flags	Window	Checksum	 
Urgent Ptr
2815	22	2941651063	3985235967	5	0	24	65504	65065	0
Options
None
Flags
RB 1	RB 0	URG	ACK	PSH	RST	SYN	FIN
			X 	X 			

DATA	

SSH-1.99-3.2.9 SSH Secure Shell for Windows.





More information about the Snort-sigs mailing list