#alert tcp any any -> any $SSH_PORTS (msg:"ET POLICY SSH Client Banner Detected on Expected Port"; flowbits:isset,is_ssh_server_banner; flowbits:noalert; flow: from_client,established; content:"SSH-"; offset: 0; depth: 4; byte_test:1,>,48,0,relative; byte_test:1,<,51,0,relative; byte_test:1,=,46,1,relative; flowbits: set,is_ssh_client_banner; reference:url,doc.emergingthreats.net/2001974; classtype:misc-activity; sid:2001974; rev:7;)

Added 2011-10-12 19:11:04 UTC


#alert tcp any any -> any $SSH_PORTS (msg:"ET POLICY SSH Client Banner Detected on Expected Port"; flowbits:isset,is_ssh_server_banner; flowbits:noalert; flow: from_client,established; content:"SSH-"; offset: 0; depth: 4; byte_test:1,>,48,0,relative; byte_test:1,<,51,0,relative; byte_test:1,=,46,1,relative; flowbits: set,is_ssh_client_banner; classtype:misc-activity; reference:url,doc.emergingthreats.net/2001974; sid:2001974; rev:7;)

Added 2011-09-14 21:09:50 UTC


#alert tcp any any -> any $SSH_PORTS (msg:"ET POLICY SSH Client Banner Detected on Expected Port"; flowbits:isset,is_ssh_server_banner; flowbits:noalert; flow: from_client,established; content:"SSH-"; offset: 0; depth: 4; byte_test:1,>,48,0,relative; byte_test:1,<,51,0,relative; byte_test:1,=,46,1,relative; flowbits: set,is_ssh_client_banner; classtype:misc-activity; reference:url,doc.emergingthreats.net/2001974; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Non-Standard_SSH_Port; sid:2001974; rev:7;)

Added 2011-02-04 17:21:39 UTC


#alert tcp any any -> any $SSH_PORTS (msg:"ET POLICY SSH Client Banner Detected on Expected Port"; flowbits:isset,is_ssh_server_banner; flowbits:noalert; flow: from_client,established; content:"SSH-"; offset: 0; depth: 4; byte_test:1,>,48,0,relative;byte_test:1,<,51,0,relative;byte_test:1,=,46,1,relative;flowbits: set,is_ssh_client_banner; classtype:misc-activity; reference:url,doc.emergingthreats.net/2001974; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Non-Standard_SSH_Port; sid:2001974; rev:7;)

Added 2010-06-28 22:46:59 UTC


#alert tcp any any -> any $SSH_PORTS (msg:"ET POLICY SSH Client Banner Detected on Expected Port"; flowbits:isset,is_ssh_server_banner; flowbits:noalert; flow: from_client,established; content:"SSH-"; offset: 0; depth: 4; byte_test:1,>,48,0,relative;byte_test:1,<,51,0,relative;byte_test:1,=,46,1,relative;flowbits: set,is_ssh_client_banner; classtype:misc-activity; reference:url,doc.emergingthreats.net/2001974; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Non-Standard_SSH_Port; sid:2001974; rev:7;)

Added 2010-06-28 22:46:59 UTC


#alert tcp any any -> any $SSH_PORTS (msg:"ET POLICY SSH Client Banner Detected on Expected Port"; flowbits:isset,is_ssh_server_banner; flowbits:noalert; flow: from_client,established; content:"SSH-"; offset: 0; depth: 4; byte_test:1,>,48,0,relative;byte_test:1,<,51,0,relative;byte_test:1,=,46,1,relative;flowbits: set,is_ssh_client_banner; classtype:misc-activity; reference:url,doc.emergingthreats.net/2001974; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Non-Standard_SSH_Port; sid: 2001974; rev:7;)

Added 2009-02-11 19:15:23 UTC


#alert tcp any any -> any $SSH_PORTS (msg:"ET POLICY SSH Client Banner Detected on Expected Port"; flowbits:isset,is_ssh_server_banner; flowbits:noalert; flow: from_client,established; content:"SSH-"; offset: 0; depth: 4; byte_test:1,>,48,0,relative;byte_test:1,<,51,0,relative;byte_test:1,=,46,1,relative;flowbits: set,is_ssh_client_banner; classtype:misc-activity; reference:url,doc.emergingthreats.net/2001974; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Non-Standard_SSH_Port; sid: 2001974; rev:7;)

Added 2009-02-11 19:15:23 UTC


#alert tcp any any -> any $SSH_PORTS (msg:"ET POLICY SSH Client Banner Detected on Expected Port"; flowbits:isset,is_ssh_server_banner; flowbits:noalert; flow: from_client,established; content:"SSH-"; offset: 0; depth: 4; byte_test:1,>,48,0,relative;byte_test:1,<,51,0,relative;byte_test:1,=,46,1,relative;flowbits: set,is_ssh_client_banner; classtype:misc-activity; sid: 2001974; rev:6;)

Added 2008-01-31 18:48:09 UTC


#alert tcp any any -> any $SSH_PORTS (msg:"ET POLICY SSH Client Banner Detected on Expected Port"; flowbits:isset,is_ssh_server_banner; flowbits:noalert; flow: from_client,established; content:"SSH-"; offset: 0; depth: 4; byte_test:1,>,48,0,relative;byte_test:1,<,51,0,relative;byte_test:1,=,46,1,relative;flowbits: set,is_ssh_client_banner; classtype:misc-activity; sid: 2001974; rev:6;)

Added 2008-01-31 18:48:09 UTC


#alert tcp any any -> any $SSH_PORTS (msg: "BLEEDING-EDGE POLICY SSH Client Banner Detected on Expected Port"; flowbits:isset,is_ssh_server_banner; flowbits:noalert; flow: from_client,established; content:"SSH-"; offset: 0; depth: 4; byte_test:1,>,48,0,relative;byte_test:1,<,51,0,relative;byte_test:1,=,46,1,relative;flowbits: set,is_ssh_client_banner; classtype:misc-activity; sid: 2001974; rev:5; )



Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats