Hi, Check this disclosure at
http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0101.html the attack data is encrypted within the encrypted SSH. Without having to decrypt the SSH, is there any clever way to detect this (using some kind of anomaly on the packet size, type of characters etc.. )? thanks Ravi ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
