# sid:2022326 (most recent copy on this page, shipped DISABLED: the leading '#' keeps it from loading).
# Purpose: a flowbit setter that marks a TCP flow as SSH when the server's version banner and its
# key-exchange init arrive together from a source port that is not in $SSH_PORTS.
#   flowbits:noalert              - never alerts on its own; it only sets is_ssh_server_banner and
#                                   is_ssh_server_kex (presumably tested by other rules - verify in the ruleset).
#   content:"SSH-" offset 0/4     - payload must begin with the SSH identification string.
#   byte_test >48, <51, then =46  - next byte is ASCII '1' or '2', followed by '.'; "SSH-1.x" banners
#                                   (e.g. 1.99) therefore match too, although the msg says SSHv2.
#   content:"|0d 0a|"             - CRLF ending the banner, searched in the 255 bytes after "SSH-".
#   byte_test 1,=,20,5,relative   - skips 4-byte packet_length + 1-byte padding_length; the message
#                                   type must be 20 (SSH_MSG_KEXINIT, RFC 4253).
# Caveats: a banner ending in a bare LF does not match; banner and KEXINIT must be in the same inspected
# payload; $SSH_PORTS must list every port where SSH is expected or those flows get tagged as well.
# NOTE(review): while disabled, neither flowbit is set by this sid, so rules that depend on them stay
# silent on this path. rev is still 1 although the text differs from the earlier copies on this page.
#alert tcp any !$SSH_PORTS -> any any (msg:"ET POLICY SSHv2 Server KEX Detected within Banner on Unusual Port"; flow: from_server,established; flowbits:noalert; content:"SSH-"; offset:0; depth:4; byte_test:1,>,48,0,relative; byte_test:1,<,51,0,relative; byte_test:1,=,46,1,relative; content:"|0d 0a|"; offset: 4; depth: 255; byte_test:1,=,20,5,relative; flowbits: set,is_ssh_server_banner; flowbits: set,is_ssh_server_kex; reference:url,www.proftpd.org/docs/contrib/mod_sftp.html; classtype:misc-activity; sid:2022326; rev:1; metadata:created_at 2015_12_31, updated_at 2015_12_31;)

Added 2019-03-26 18:09:18 UTC


# sid:2022326, disabled copy (leading '#'): a noalert flowbit setter for an SSH banner followed by
# SSH_MSG_KEXINIT (type 20) from a server port outside $SSH_PORTS.
# NOTE(review): metadata says created_at/updated_at 2016_12_31, but this page stamps the first copy
# of the sid "Added 2016-01-01"; the date looks like a typo and reads 2015_12_31 in the newest copy.
# rev was left at 1 despite the text change, so sid+rev alone does not identify this version.
#alert tcp any !$SSH_PORTS -> any any (msg:"ET POLICY SSHv2 Server KEX Detected within Banner on Unusual Port"; flow: from_server,established; flowbits:noalert; content:"SSH-"; offset:0; depth:4; byte_test:1,>,48,0,relative; byte_test:1,<,51,0,relative; byte_test:1,=,46,1,relative; content:"|0d 0a|"; offset: 4; depth: 255; byte_test:1,=,20,5,relative; flowbits: set,is_ssh_server_banner; flowbits: set,is_ssh_server_kex; reference:url,www.proftpd.org/docs/contrib/mod_sftp.html; classtype:misc-activity; sid:2022326; rev:1; metadata:created_at 2016_12_31, updated_at 2016_12_31;)

Added 2018-09-13 19:52:07 UTC


Added 2018-09-13 18:00:38 UTC


# sid:2022326, disabled copy (leading '#') and the first one on this page to carry a metadata field.
# It tags flows where "SSH-1."/"SSH-2." + CRLF is followed by message type 20 (SSH_MSG_KEXINIT)
# from a source port outside $SSH_PORTS; flowbits:noalert means it sets flowbits and never alerts.
# NOTE(review): created_at 2016_12_31 postdates the "Added 2016-01-01" stamp of the original rule
# on this page, so treat the metadata date as unreliable. rev remains 1.
#alert tcp any !$SSH_PORTS -> any any (msg:"ET POLICY SSHv2 Server KEX Detected within Banner on Unusual Port"; flow: from_server,established; flowbits:noalert; content:"SSH-"; offset:0; depth:4; byte_test:1,>,48,0,relative; byte_test:1,<,51,0,relative; byte_test:1,=,46,1,relative; content:"|0d 0a|"; offset: 4; depth: 255; byte_test:1,=,20,5,relative; flowbits: set,is_ssh_server_banner; flowbits: set,is_ssh_server_kex; reference:url,www.proftpd.org/docs/contrib/mod_sftp.html; classtype:misc-activity; sid:2022326; rev:1; metadata:created_at 2016_12_31, updated_at 2016_12_31;)

Added 2017-08-07 21:17:12 UTC


# sid:2022326, first disabled copy: byte-for-byte the enabled rule with a leading '#', no metadata.
# While commented out, is_ssh_server_banner and is_ssh_server_kex are not set by this sid, so any
# rule that checks them (not shown on this page) cannot match via this setter.
# NOTE(review): the rule went from enabled to disabled without a rev bump (still rev:1); compare
# the full rule text, not sid+rev, when checking which version a sensor has loaded.
#alert tcp any !$SSH_PORTS -> any any (msg:"ET POLICY SSHv2 Server KEX Detected within Banner on Unusual Port"; flow: from_server,established; flowbits:noalert; content:"SSH-"; offset:0; depth:4; byte_test:1,>,48,0,relative; byte_test:1,<,51,0,relative; byte_test:1,=,46,1,relative; content:"|0d 0a|"; offset: 4; depth: 255; byte_test:1,=,20,5,relative; flowbits: set,is_ssh_server_banner; flowbits: set,is_ssh_server_kex; reference:url,www.proftpd.org/docs/contrib/mod_sftp.html; classtype:misc-activity; sid:2022326; rev:1;)

Added 2016-01-04 19:11:47 UTC


# sid:2022326, original and only ENABLED copy on this page.
# Purpose: a flowbit setter that marks a TCP flow as SSH when the server's version banner and its
# key-exchange init arrive together from a source port that is not in $SSH_PORTS.
#   flow: from_server,established - server-to-client data on an established session only.
#   flowbits:noalert              - produces no alert; it only sets is_ssh_server_banner and
#                                   is_ssh_server_kex (presumably for other rules - verify in the ruleset).
#   content:"SSH-" offset 0/4     - payload must begin with the SSH identification string.
#   byte_test >48, <51, then =46  - next byte is ASCII '1' or '2', followed by '.'; "SSH-1.x" banners
#                                   (e.g. 1.99) therefore match too, although the msg says SSHv2.
#   content:"|0d 0a|"             - CRLF ending the banner, searched in the 255 bytes after "SSH-".
#   byte_test 1,=,20,5,relative   - skips 4-byte packet_length + 1-byte padding_length; the message
#                                   type must be 20 (SSH_MSG_KEXINIT, RFC 4253).
# Caveats: a banner ending in a bare LF does not match; banner and KEXINIT must be in the same inspected
# payload; $SSH_PORTS must list every port where SSH is expected or those flows get tagged as well.
# NOTE(review): the reference points at ProFTPD mod_sftp, presumably a server that behaves this way - confirm.
alert tcp any !$SSH_PORTS -> any any (msg:"ET POLICY SSHv2 Server KEX Detected within Banner on Unusual Port"; flow: from_server,established; flowbits:noalert; content:"SSH-"; offset:0; depth:4; byte_test:1,>,48,0,relative; byte_test:1,<,51,0,relative; byte_test:1,=,46,1,relative; content:"|0d 0a|"; offset: 4; depth: 255; byte_test:1,=,20,5,relative; flowbits: set,is_ssh_server_banner; flowbits: set,is_ssh_server_kex; reference:url,www.proftpd.org/docs/contrib/mod_sftp.html; classtype:misc-activity; sid:2022326; rev:1;)

Added 2016-01-01 14:42:26 UTC

