zeek/scripts/base/protocols/ssh/dpd.sig at 45caf8d2c1a655a7d0613feeb7e6e818e216d83e - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00

Vlad Grigorescu 05ecac2497 Refactored the SSH analyzer. Added supported for algorithm detection and more key exchange message types.

2015-01-13 12:02:31 -05:00

13 lines

No EOL

264 B

Standard ML

Raw Blame History

 signature dpd_ssh_client {
   ip-proto == tcp
   payload /^[sS][sS][hH]-[12]\./
   requires-reverse-signature dpd_ssh_server
   enable "ssh"
   tcp-state originator
 }
 signature dpd_ssh_server {
   ip-proto == tcp
   payload /^[sS][sS][hH]-[12]\./
   tcp-state responder
 }