IDS mailing list archives
Re: Help in writing Network IDS/IPS signature to detect sftp vulnerability
From: "Ravi Chunduru" <ravi.is.chunduru () gmail com>
Date: Mon, 9 Jun 2008 18:03:04 -0700
thank you. I guess I need to depend on access controls and version string. Thanks Ravi. On Mon, Jun 9, 2008 at 11:55 AM, Sergio Castro <sergio.castro () unicin net> wrote:
When you don't have access to the signature, you always have access to the behavior. You can use network behavior analysis to detect abnormal traffic patterns, such as SSH traffic from unknown public IPs, or at unusual hours, or unusual data transfer rates. What IDS are you using? -----Mensaje original----- De: listbounce () securityfocus com [mailto:listbounce () securityfocus com] En nombre de Ravi Chunduru Enviado el: Viernes, 06 de Junio de 2008 07:22 p.m. Para: Focus IDS Asunto: Help in writing Network IDS/IPS signature to detect sftp vulnerability Hi, Check this disclosure at http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0101.html the attack data is encrypted within the encrypted SSH. Without having to decrypt the SSH, is there any clever way to detect this (using some kind of anomaly on the packet size, type of characters etc.. )? thanks Ravi ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in tro_sfw to learn more. ------------------------------------------------------------------------ __________ NOD32 3167 (20080609) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Help in writing Network IDS/IPS signature to detect sftp vulnerability Ravi Chunduru (Jun 09)
- RE: Help in writing Network IDS/IPS signature to detect sftp vulnerability Sergio Castro (Jun 09)
- Re: Help in writing Network IDS/IPS signature to detect sftp vulnerability Ravi Chunduru (Jun 10)
- RE: Help in writing Network IDS/IPS signature to detect sftp vulnerability Srinivasa Addepalli (Jun 09)
- RE: Help in writing Network IDS/IPS signature to detect sftp vulnerability Sergio Castro (Jun 09)