Rule History

SID: 2001977 • Source: et/open

Versions (4)

Version DetailsCurrent

Rev: 9 • Jul 30, 2010, 12:00 PM

Message:

ET POLICY SSHv2 Client New Keys detected on Expected Port

Rule:

alert tcp any any -> any $SSH_PORTS (msg:"ET POLICY SSHv2 Client New Keys detected on Expected Port"; flowbits:noalert; flowbits:isset,ET.is_ssh_client_kex; flow: from_client,established; byte_test:1,=,21,5; flowbits: set,is_proto_ssh; classtype:misc-activity; sid:2001977; rev:9; metadata:created_at 2010_07_30, confidence High, signature_severity Informational, updated_at 2024_04_26;)

Created:

Jul 30, 2010, 12:00 PM

Updated:

Apr 26, 2024, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-policy.rules