Versions (4)
Version DetailsCurrent
Rev: 3 • Jan 1, 2016, 12:00 PMET POLICY SSHv2 Server KEX Detected within Banner on Expected Port
alert tcp any $SSH_PORTS -> any any (msg:"ET POLICY SSHv2 Server KEX Detected within Banner on Expected Port"; flow:from_server,established; flowbits:noalert; content:"SSH-"; offset:0; depth:4; byte_test:1,>,48,0,relative; byte_test:1,<,51,0,relative; byte_test:1,=,46,1,relative; content:"|0d 0a|"; offset:4; depth:255; byte_test:1,=,20,5,relative; flowbits:set,ET.is_ssh_server_banner; flowbits:set,ET.is_ssh_server_kex; reference:url,www.proftpd.org/docs/contrib/mod_sftp.html; classtype:misc-activity; sid:2022325; rev:3; metadata:created_at 2016_01_01, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Jan 1, 2016, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 13, 2025, 9:34 PM
rules/emerging-policy.rules