Versions (3)
Version DetailsCurrent
Rev: 11 • Jul 30, 2010, 12:00 PMET POLICY SSH Client Banner Detected on Unusual Port
alert tcp any any -> any !$SSH_PORTS (msg:"ET POLICY SSH Client Banner Detected on Unusual Port"; flow:established,to_server; flowbits:isset,ET.is_ssh_server_banner; content:"SSH-"; offset:0; depth:4; byte_test:1,>,48,0,relative; byte_test:1,<,51,0,relative; byte_test:1,=,46,1,relative; flowbits:set,ET.is_ssh_client_banner; classtype:misc-activity; sid:2001980; rev:11; metadata:created_at 2010_07_30, confidence High, signature_severity Informational, updated_at 2022_10_19;)
Jul 30, 2010, 12:00 PM
Oct 19, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-policy.rules