Project

General

Profile

Actions
Copy link

Bug #6578

closed

ssh: no alert on packet with Message Code: New Keys (21)

Added by Philippe Antoine 5 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Cf https://forum.suricata.io/t/can-not-get-ssh-alert/4223/8

Because of ssh parser setting APP_LAYER_PARSER_NO_INSPECTION right away and preventing detection on this packet

Subtasks 2 (0 open2 closed)

Bug #6579: ssh: no alert on packet with Message Code: New Keys (21) (6.0.x backport)RejectedActions
Bug #6580: ssh: no alert on packet with Message Code: New Keys (21) (7.0.x backport)ClosedPhilippe AntoineActions
Actions
Copy link
 #1

Updated by OISF Ticketbot 5 months ago

  • Subtask #6579 added
Actions
Copy link
 #2

Updated by OISF Ticketbot 5 months ago

  • Label deleted (Needs backport to 6.0)
Actions
Copy link
 #3

Updated by OISF Ticketbot 5 months ago

  • Subtask #6580 added
Actions
Copy link
 #4

Updated by OISF Ticketbot 5 months ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #5

Updated by Philippe Antoine 5 months ago

  • Status changed from Assigned to In Review
Actions
Copy link
 #7

Updated by Philippe Antoine about 2 months ago

  • Status changed from In Review to Resolved
Actions
Copy link
 #8

Updated by Victor Julien about 2 months ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF