Feature #4148

open

Research: SSH Support for additional protocol analysis

Added by Jeff Lucovsky about 4 years ago. Updated about 1 year ago.

Status: New
Priority: Normal
Target version:
Effort:
Difficulty:
Label: Protocol

Description

Chris G:
Is there any additional work we can do in SSH protocol analysis? Corelight's article on SSH Inference was very interesting, though I'm not sure how well it works in reality. https://corelight.blog/2019/11/19/corelight-ssh-inference-package/

This could extend to other protocols


Related issues 2 (2 open, 0 closed)

Related to Suricata - Task #4097: Suricon 2020 brainstorm (Assigned, Victor Julien)
Related to Suricata - Feature #7103: ssh: extra fields and keywords (Feedback, OISF Dev)

#1

Updated by Jeff Lucovsky about 4 years ago

  • Related to Task #4097: Suricon 2020 brainstorm added

#2

Updated by Victor Julien about 4 years ago

  • Subject changed from Research: Support for additional protocol analysis to Research: SSH Support for additional protocol analysis
  • Assignee set to Community Ticket
  • Target version set to TBD

I think we first need a description of what is missing and could be added to our SSH parser and/or detection.

#3

Updated by Victor Julien about 4 years ago

  • Label Protocol added

#4

Updated by Philippe Antoine about 1 year ago

Is this solved by hassh?

#5

Updated by Victor Julien 6 months ago
