Project

General

Profile

Actions

Feature #4148

open

Research: SSH Support for additional protocol analysis

Added by Jeff Lucovsky over 3 years ago. Updated 5 months ago.

Status:
New
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:
Protocol

Description

Chris G:
Is there any additional work we can do in SSH protocol analysis? Corelight's article on SSH Inference was very interesting, though I'm not how well it works in reality. https://corelight.blog/2019/11/19/corelight-ssh-inference-package/

This could extend to other protocols


Related issues 1 (1 open0 closed)

Related to Suricata - Task #4097: Suricon 2020 brainstormAssignedVictor JulienActions
Actions #1

Updated by Jeff Lucovsky over 3 years ago

  • Related to Task #4097: Suricon 2020 brainstorm added
Actions #2

Updated by Victor Julien over 3 years ago

  • Subject changed from Research: Support for additional protocol analysis to Research: SSH Support for additional protocol analysis
  • Assignee set to Community Ticket
  • Target version set to TBD

I think we first need a description of what is missing and could be added to our SSH parser and/or detection.

Actions #3

Updated by Victor Julien over 3 years ago

  • Label Protocol added
Actions #4

Updated by Philippe Antoine 5 months ago

Is this solved by hassh ?

Actions

Also available in: Atom PDF