Feature #1514: SSH softwareversion regex should allow colon - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #1514

closed

SSH softwareversion regex should allow colon

Added by Antti Tönkyrä over 9 years ago. Updated over 9 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Antti Tönkyrä

Target version:

3.0RC1

Effort:

Difficulty:

Label:

Description

Trojaned PuTTY builds have become more common recently, one method to catch some of them is to look for the version string. Current master does not always allow this since : is not a valid character for ssh.softwareversion. (ex. Putty-Local: Timestamp HH:MM:SS)

I made a pull request on GitHub regarding the issue at https://github.com/inliniac/suricata/pull/1491

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #1514

SSH softwareversion regex should allow colon

Updated by Victor Julien over 9 years ago

Updated by Victor Julien over 9 years ago

Updated by Victor Julien over 9 years ago