Thank you. I guess I need to depend on access controls and version string.

Thanks
Ravi

On Mon, Jun 9, 2008 at 11:55 AM, Sergio Castro <[EMAIL PROTECTED]> wrote:
> When you don't have access to the signature, you always have access to the
> behavior. You can use network behavior analysis to detect abnormal traffic
> patterns, such as SSH traffic from unknown public IPs, or at unusual hours,
> or unusual data transfer rates.
>
> What IDS are you using?
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
> behalf of Ravi Chunduru
> Sent: Friday, June 06, 2008 07:22 p.m.
> To: Focus IDS
> Subject: Help in writing Network IDS/IPS signature to detect sftp
> vulnerability
>
> Hi,
>
> Check this disclosure at
>
> http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0101.html
>
> the attack data is encrypted within the encrypted SSH. Without
> having to decrypt the SSH, is there any clever way to detect this (using
> some kind of anomaly on the packet size, type of characters etc.. )?
>
> thanks
> Ravi
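The behavioral checks suggested in the quoted reply (unknown public sources, unusual hours, unusual transfer rates) can be run over flow metadata without decrypting SSH. The following is an added example, not part of the original thread; the allow-listed range, internal networks, usual hours, baseline rates and flow records are all constructed assumptions.

```python
import ipaddress
from datetime import datetime
from statistics import mean, pstdev

# Assumed site policy (not from the thread): admin range, internal nets, hours.
KNOWN_SOURCES = [ipaddress.ip_network("198.51.100.0/24")]
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
USUAL_HOURS = range(7, 20)   # 07:00-19:59 local time
RATE_SIGMA = 3.0             # flag rates more than 3 std devs from baseline

# Constructed baseline of past SSH session rates in bytes/second.
BASELINE_RATES = [1200, 1500, 900, 1100, 1300, 1000, 1400, 1250]

# Constructed flow records: (start, source IP, dest port, bytes, seconds).
FLOWS = [
    ("2008-06-09 10:15:00", "198.51.100.7", 22, 60_000, 50),
    ("2008-06-09 03:02:00", "198.51.100.7", 22, 55_000, 50),
    ("2008-06-09 11:40:00", "203.0.113.99", 22, 48_000, 40),
    ("2008-06-09 14:05:00", "10.0.0.12", 22, 9_000_000, 60),
    ("2008-06-09 14:06:00", "203.0.113.99", 443, 9_000_000, 60),
]

def in_any(ip, nets):
    return any(ip in net for net in nets)

def flow_reasons(start, src, nbytes, seconds, mu, sigma):
    """Return the list of behavioural anomalies for one SSH flow."""
    reasons = []
    ip = ipaddress.ip_address(src)
    if not in_any(ip, KNOWN_SOURCES) and not in_any(ip, INTERNAL_NETS):
        reasons.append("unknown public source")
    if datetime.strptime(start, "%Y-%m-%d %H:%M:%S").hour not in USUAL_HOURS:
        reasons.append("unusual hour")
    rate = nbytes / max(seconds, 1)
    if sigma and abs(rate - mu) / sigma > RATE_SIGMA:
        reasons.append("unusual transfer rate")
    return reasons

def analyze(flows, baseline=BASELINE_RATES):
    """Score port-22 flows only; the encrypted payload is never inspected."""
    mu, sigma = mean(baseline), pstdev(baseline)
    alerts = []
    for start, src, dport, nbytes, seconds in flows:
        if dport != 22:
            continue
        reasons = flow_reasons(start, src, nbytes, seconds, mu, sigma)
        if reasons:
            alerts.append((start, src, reasons))
    return alerts
```

These checks flag sessions worth reviewing; they do not identify a specific exploit, so they complement the access controls and version checks mentioned in the reply.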
