Bug #6578: ssh: no alert on packet with Message Code: New Keys (21) - Suricata - Open Information Security Foundation

Actions

Bug #6578

closed

PA PA

ssh: no alert on packet with Message Code: New Keys (21)

Bug #6578: ssh: no alert on packet with Message Code: New Keys (21)

Added by Philippe Antoine over 2 years ago. Updated about 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

Affected Versions:

Effort:

Difficulty:

Label:

Description

Cf https://forum.suricata.io/t/can-not-get-ssh-alert/4223/8

Because of ssh parser setting APP_LAYER_PARSER_NO_INSPECTION right away and preventing detection on this packet

Subtasks 2 (0 open — 2 closed)

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
#1

Subtask #6579 added

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
#2

Label deleted (~~Needs backport to 6.0~~)

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
#3

Subtask #6580 added

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
#4

Label deleted (~~Needs backport to 7.0~~)

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
#5

Status changed from Assigned to In Review

https://github.com/OISF/suricata/pull/9903

PA Updated by Philippe Antoine about 2 years ago Actions
Copy link
#6

Current PR https://github.com/OISF/suricata/pull/10540

PA Updated by Philippe Antoine about 2 years ago Actions
Copy link
#7

Status changed from In Review to Resolved

https://github.com/OISF/suricata/pull/10540

VJ Updated by Victor Julien about 2 years ago Actions
Copy link
#8

Status changed from Resolved to Closed

Actions

Also available in: PDF Atom