cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

664
Views
4
Helpful
1
Replies
jnlawrence76
Beginner

Custom Sig for detecting SSH on different ports

I was wondering if anyone has created or is aware of a custom IPS signature that detects someone using SSH on ports other than 22?

Thanks in Advance

1 REPLY 1
Dustin Ralich
Cisco Employee

There are multiple built-in (Cisco-provided) signatures for this:

11233.0 - SSH Over Non-standard Ports (SSH Over Web Ports)

11233.1 - SSH Over Non-standard Ports (SSH Over HTTP Proxy)

11233.2 - SSH Over Non-standard Ports (SSH Over Socks)

11233.3 - SSH Over Non-standard Ports (SSH Over Non-SSH Ports)

The latter (11233.3) appears to most closely match what you describe.

Create
Recognize Your Peers
Content for Community-Ad