Check this disclosure at
http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0101.html
The attack data is encrypted within the encrypted SSH. Without
having to decrypt the SSH, is there any clever way to detect this
(using some kind of anomaly on the packet size, type of characters,
etc.)?
Thanks,
Ravi
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------