IDS mailing list archives

Help in writing Network IDS/IPS signature to detect sftp vulnerability


From: "Ravi Chunduru" <ravi.is.chunduru () gmail com>
Date: Fri, 6 Jun 2008 17:21:41 -0700

Hi,

Check this disclosure at

http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0101.html

The attack data is encrypted within the encrypted SSH. Without
having to decrypt the SSH, is there any clever way to detect this
(using some kind of anomaly on the packet size, type of characters,
etc.)?

Thanks,
Ravi
