Feature #1514: SSH softwareversion regex should allow colon - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #1514

closed

AT AT

SSH softwareversion regex should allow colon

Feature #1514: SSH softwareversion regex should allow colon

Added by Antti Tönkyrä almost 11 years ago. Updated almost 11 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Antti Tönkyrä

Target version:

3.0RC1

Effort:

Difficulty:

Label:

Description

Trojaned PuTTY builds have become more common recently, one method to catch some of them is to look for the version string. Current master does not always allow this since : is not a valid character for ssh.softwareversion. (ex. Putty-Local: Timestamp HH:MM:SS)

I made a pull request on GitHub regarding the issue at https://github.com/inliniac/suricata/pull/1491

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #1514

SSH softwareversion regex should allow colon

VJ Updated by Victor Julien almost 11 years ago Actions
Copy link
#1

VJ Updated by Victor Julien almost 11 years ago Actions
Copy link
#2

VJ Updated by Victor Julien almost 11 years ago Actions
Copy link
#3

Project

General

Profile

Suricata

Custom queries

Feature #1514

SSH softwareversion regex should allow colon

VJ Updated by Victor Julien almost 11 years ago ActionsCopy link #1

VJ Updated by Victor Julien almost 11 years ago ActionsCopy link #2

VJ Updated by Victor Julien almost 11 years ago ActionsCopy link #3

VJ Updated by Victor Julien almost 11 years ago Actions
Copy link
#1

VJ Updated by Victor Julien almost 11 years ago Actions
Copy link
#2

VJ Updated by Victor Julien almost 11 years ago Actions
Copy link
#3