Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-client/analyzer.log
Arne Welzel 4f084b0b9a ssh: Fallback to client or server selected version for parsing 
In half-duplex setups (or when client/server coalesce the SSH version
line with the KEX packet, get_version() would return UNK as version,
causing a protocol violation. Make this slightly more robust by using
and setting the version which either side had set to continue parsing.

For the special case of SSH-1.99, select SSH-2.0. We could try to peak
into the payload following the packet length field and check for
a KEX_INIT type byte to select SSH2 as a heuristic, but not sure how
to accomplish this.

Slight regression fix for 3769ed6c66
which started to require visibility for client and server version
rather than just the client's version.
2024-06-12 16:30:18 +02:00

29 lines
3.8 KiB
Text
Raw Blame History

### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path analyzer
#open XXXX-XX-XX-XX-XX-XX
#fields ts cause analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data
#types time string string string string string addr port addr port string string
XXXXXXXXXX.XXXXXX violation protocol SSH CHhAvVGS1DHFjwGM9 - 192.168.1.79 51880 131.159.21.1 22 Binpac exception: binpac exception: out_of_bound: ssh_string:val: 66827138 > 53 -
XXXXXXXXXX.XXXXXX violation protocol SSH C4J4Th3PJpwUYZZ6gc - 192.168.2.1 57189 192.168.2.158 22 Binpac exception: binpac exception: out_of_bound: SSH2_KEXINIT:cookie: 16 > 12 -
XXXXXXXXXX.XXXXXX violation protocol SSH C4J4Th3PJpwUYZZ6gc - 192.168.2.1 57189 192.168.2.158 22 Binpac exception: binpac exception: out_of_bound: ssh_string:val: -1887053965 > 117 -
XXXXXXXXXX.XXXXXX violation protocol SSH CNnMIj2QSd84NKf7U3 - 192.168.2.1 59246 192.168.2.158 22 Binpac exception: binpac exception: out_of_bound: SSH2_KEXINIT:cookie: 16 > 12 -
XXXXXXXXXX.XXXXXX violation protocol SSH CNnMIj2QSd84NKf7U3 - 192.168.2.1 59246 192.168.2.158 22 Binpac exception: binpac exception: out_of_bound: ssh_string:val: -1296995186 > 501 -
XXXXXXXXXX.XXXXXX violation protocol SSH C7fIlMZDuRiqjpYbb - 192.168.1.32 41164 128.2.10.238 22 Binpac exception: binpac exception: out_of_bound: SSH2_KEXINIT:cookie: 16 > 12 -
XXXXXXXXXX.XXXXXX violation protocol SSH C7fIlMZDuRiqjpYbb - 192.168.1.32 41164 128.2.10.238 22 Binpac exception: binpac exception: out_of_bound: ssh_string:val: 1355968122 > 387 -
XXXXXXXXXX.XXXXXX violation protocol SSH CtxTCR2Yer0FR1tIBg - 192.168.1.32 33910 128.2.13.133 22 Binpac exception: binpac exception: out_of_bound: SSH2_KEXINIT:cookie: 16 > 12 -
XXXXXXXXXX.XXXXXX violation protocol SSH CtxTCR2Yer0FR1tIBg - 192.168.1.32 33910 128.2.13.133 22 Binpac exception: binpac exception: out_of_bound: ssh_string:val: 1476235678 > 372 -
XXXXXXXXXX.XXXXXX violation protocol SSH CpmdRlaUoJLN3uIRa - 192.168.1.32 41268 128.2.10.238 22 Binpac exception: binpac exception: out_of_bound: SSH2_KEXINIT:cookie: 16 > 12 -
XXXXXXXXXX.XXXXXX violation protocol SSH CpmdRlaUoJLN3uIRa - 192.168.1.32 41268 128.2.10.238 22 Binpac exception: binpac exception: out_of_bound: ssh_string:val: 175673362 > 387 -
XXXXXXXXXX.XXXXXX violation protocol SSH C1Xkzz2MaGtLrc1Tla - 192.168.1.31 52294 192.168.1.32 22 Binpac exception: binpac exception: out_of_bound: ssh_string:val: 174084329 > 20 -
XXXXXXXXXX.XXXXXX violation protocol SSH CqlVyW1YwZ15RhTBc4 - 192.168.1.31 51489 192.168.1.32 22 Binpac exception: binpac exception: out_of_bound: ssh_string:val: -561443136 > 20 -
XXXXXXXXXX.XXXXXX violation protocol SSH CLNN1k2QMum1aexUK7 - 192.168.1.32 58641 131.103.20.168 22 Binpac exception: binpac exception: out_of_bound: SSH2_KEXINIT:cookie: 16 > 12 -
XXXXXXXXXX.XXXXXX violation protocol SSH CLNN1k2QMum1aexUK7 - 192.168.1.32 58641 131.103.20.168 22 Binpac exception: binpac exception: out_of_bound: ssh_string:val: 779111496 > 372 -
XXXXXXXXXX.XXXXXX violation protocol SSH CBA8792iHmnhPLksKa - 192.168.1.32 58646 131.103.20.168 22 Binpac exception: binpac exception: out_of_bound: SSH2_KEXINIT:cookie: 16 > 12 -
XXXXXXXXXX.XXXXXX violation protocol SSH CBA8792iHmnhPLksKa - 192.168.1.32 58646 131.103.20.168 22 Binpac exception: binpac exception: out_of_bound: ssh_string:val: 703181190 > 372 -
XXXXXXXXXX.XXXXXX violation protocol SSH CGLPPc35OzDQij1XX8 - 192.168.1.32 58649 131.103.20.168 22 Binpac exception: binpac exception: out_of_bound: SSH2_KEXINIT:cookie: 16 > 12 -
XXXXXXXXXX.XXXXXX violation protocol SSH CGLPPc35OzDQij1XX8 - 192.168.1.32 58649 131.103.20.168 22 Binpac exception: binpac exception: out_of_bound: ssh_string:val: -1472102124 > 372 -
#close XXXX-XX-XX-XX-XX-XX
Reference in a new issue View git blame Copy permalink