Project

General

Profile

Actions
Copy link

Feature #4148

open

Research: SSH Support for additional protocol analysis

Added by Jeff Lucovsky almost 4 years ago. Updated 12 months ago.

Status:
New
Priority:
Normal
Assignee:
Community Ticket
Target version:
TBD
Effort:
Difficulty:
Label:
Protocol

Description

Chris G:
Is there any additional work we can do in SSH protocol analysis? Corelight's article on SSH Inference was very interesting, though I'm not how well it works in reality. https://corelight.blog/2019/11/19/corelight-ssh-inference-package/

This could extend to other protocols

Related issues 2 (2 open0 closed)

Related to Suricata - Task #4097: Suricon 2020 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #7103: ssh: extra fields and keywordsFeedbackOISF DevActions
Actions
Copy link
 #1

Updated by Jeff Lucovsky almost 4 years ago

  • Related to Task #4097: Suricon 2020 brainstorm added
Actions
Copy link
 #2

Updated by Victor Julien almost 4 years ago

  • Subject changed from Research: Support for additional protocol analysis to Research: SSH Support for additional protocol analysis
  • Assignee set to Community Ticket
  • Target version set to TBD

I think we first need a description of what is missing and could be added to our SSH parser and/or detection.

Actions
Copy link
 #3

Updated by Victor Julien almost 4 years ago

  • Label Protocol added
Actions
Copy link
 #4

Updated by Philippe Antoine 12 months ago

Is this solved by hassh ?

Actions
Copy link
 #5

Updated by Victor Julien 4 months ago

Actions
Copy link

Also available in: Atom PDF