cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
518
Views
4
Helpful
1
Replies
Beginner

Custom Sig for detecting SSH on different ports

I was wondering if anyone has created or is aware of a custom IPS signature that detects someone using SSH on ports other than 22?

Thanks in Advance

Everyone's tags (5)
1 REPLY 1
Highlighted
Cisco Employee

Re: Custom Sig for detecting SSH on different ports

There are multiple built-in (Cisco-provided) signatures for this:

11233.0 - SSH Over Non-standard Ports (SSH Over Web Ports)

11233.1 - SSH Over Non-standard Ports (SSH Over HTTP Proxy)

11233.2 - SSH Over Non-standard Ports (SSH Over Socks)

11233.3 - SSH Over Non-standard Ports (SSH Over Non-SSH Ports)

The latter (11233.3) appears to most closely match what you describe.