Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
802
Views
4
Helpful
1
Replies

Custom Sig for detecting SSH on different ports

jnlawrence76
Level 1
Level 1

‎05-26-2011 08:27 AM - edited ‎03-10-2019 05:21 AM

I was wondering if anyone has created or is aware of a custom IPS signature that detects someone using SSH on ports other than 22?

Thanks in Advance

Labels:
0 Helpful
1 Reply 1

Dustin Ralich
Cisco Employee
Cisco Employee

‎06-01-2011 07:30 AM

There are multiple built-in (Cisco-provided) signatures for this:

11233.0 - SSH Over Non-standard Ports (SSH Over Web Ports)

11233.1 - SSH Over Non-standard Ports (SSH Over HTTP Proxy)

11233.2 - SSH Over Non-standard Ports (SSH Over Socks)

11233.3 - SSH Over Non-standard Ports (SSH Over Non-SSH Ports)

The latter (11233.3) appears to most closely match what you describe.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card