[Snort-sigs] snort rules

wkitty42 at windstream.net wkitty42 at windstream.net
Mon Jul 23 16:05:26 EDT 2018


On 07/23/2018 04:00 PM, Joel Esler (jesler) via Snort-sigs wrote:
> I believe the "SSH" banner would be going the other way.. (192.168.1.50 22 -> 
> 192.168.1.30 any)


probably... one would tend to think that detecting the initial SYN from the 
TCP/IP 3-way handshake would also be valid ;)


-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*


More information about the Snort-sigs mailing list