Snort mailing list archives
Question about RuleID 128-1 for OpenSSH 7.x
From: Smriti Agarwal via Snort-sigs <snort-sigs () lists snort org>
Date: Wed, 3 Jun 2020 21:34:06 -0700
Hello,

I have a question regarding signature 128-1: SSH_EVENT_RESPOVERFLOW is getting triggered due to CVE-2002-0639 and CVE-2002-0640. According to this CVE, SSH traffic is seen as a threat only if using OpenSSH versions 2.3.1 through 3.3. But my customer claims that they are not using an OpenSSH version below 7. Why is this signature getting triggered if the OpenSSH version is 7.x?

Regards,
Smriti Agarwal
Cisco Meraki Technical Support
Current thread:
- Question about RuleID 128-1 for OpenSSH 7.x Smriti Agarwal via Snort-sigs (Jun 04)
- Re: [Snort-users] Question about RuleID 128-1 for OpenSSH 7.x Joel Esler (jesler) via Snort-sigs (Jun 04)
- Re: [Snort-users] Question about RuleID 128-1 for OpenSSH 7.x Al Lewis (allewi) via Snort-sigs (Jun 04)