Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-client
History
Arne Welzel 4f084b0b9a ssh: Fallback to client or server selected version for parsing 
In half-duplex setups (or when client/server coalesce the SSH version
line with the KEX packet, get_version() would return UNK as version,
causing a protocol violation. Make this slightly more robust by using
and setting the version which either side had set to continue parsing.

For the special case of SSH-1.99, select SSH-2.0. We could try to peak
into the payload following the packet length field and check for
a KEX_INIT type byte to select SSH2 as a heuristic, but not sure how
to accomplish this.

Slight regression fix for 3769ed6c66
which started to require visibility for client and server version
rather than just the client's version.
2024-06-12 16:30:18 +02:00
..
analyzer.log ssh: Fallback to client or server selected version for parsing 2024-06-12 16:30:18 +02:00
conn.log ssh: Fallback to client or server selected version for parsing 2024-06-12 16:30:18 +02:00
ssh.log make SSH analyzer robust to half-duplex connections 2024-05-07 11:40:47 -07:00
weird.log ssh: Fallback to client or server selected version for parsing 2024-06-12 16:30:18 +02:00