Snort mailing list archives
Re: Confusion on Protocol Mismatch
From: "Weir, Jason" <jason.weir () nhrs org>
Date: Fri, 10 Dec 2010 10:30:25 -0500
overnight I've seen a bunch of these as well did something change with
128-4?
-J
-----Original Message-----
From: Lay, James [mailto:james.lay () wincofoods com]
Sent: Friday, December 10, 2010 10:22 AM
To: snort-users () lists sourceforge net
Subject: Confusion on Protocol Mismatch
Team,
So...I'm confused on just where this is a protocol mismatch:
12/10-08:16:10.632806 [**] [128:4:1] (spp_ssh) Protocol
mismatch [**] [Priority: 3] {TCP} 10.21.10.101:1180 -> 10.21.10.2:22
Relevant conf entries:
var SSH_SERVERS [10.21.0.9,10.21.10.2,10.21.10.8]
portvar SSH_PORTS 22
Thanks/Danke/Gracias
James Lay
IT Security Analyst
WinCo Foods
208-672-2014 Office
208-559-1855 Cell
650 N Armstrong Pl.
Boise, Idaho 83704
_____________________________________________________________________________________________
Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Confusion on Protocol Mismatch Lay, James (Dec 10)
- Re: Confusion on Protocol Mismatch Weir, Jason (Dec 10)
- Re: Confusion on Protocol Mismatch Ryan Jordan (Dec 10)
- Re: Confusion on Protocol Mismatch Lay, James (Dec 10)
- Re: Confusion on Protocol Mismatch Ryan Jordan (Dec 10)
- Re: Confusion on Protocol Mismatch Weir, Jason (Dec 10)