[Snort-users] Question about "ssh: Gobbles exploit"
felix.erlacher at uibk.ac.at
Thu Nov 30 12:50:28 EST 2017
The system generating these alerts must not have a vulnerable version of
openSSH. One reason might be that it executes an exploit for this
You should care about the version (and OS) of the targeted system.
On 30/11/17 14:58, Maxi Fernandez via Snort-users wrote:
> We are receiving alerts from "ssh gobbles exploit"
> <https://www.snort.org/rule_docs/128-1>), this alert affects OpenSSH
> systems <= 3.3
> The problem is that the hosts that generate the alerts, have versions
> higher than those affected by this vulnerability.
> Our question is, why are these alerts generated on hosts that are not
> affected by that vulnerability?
> I attach the packet capture.
> Thank you
More information about the Snort-users