Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
371
Views
0
Helpful
1
Replies

Problem with Signature 3651/0

cjbogaards
Level 1
Level 1

‎04-20-2006 06:52 AM - edited ‎03-10-2019 01:59 AM

We are seeing events triggered by this signature that appear to be invalid. SSH2 connection attempts appear to be triggering these events, when the exploit is clearly for SSH1. The signature is utilizing the SSH1 engine, but ssh1 is disabled on the host we are seeing connection attemps to.

OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Applying options for *

debug2: ssh_connect: needpriv 0

debug1: Connecting to uaxxxx [xxx.xxx.xxx.xx] port 22.

debug1: Connection established.

debug1: identity file /home/b687511/.ssh/identity type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_3.7.1p2-pwexp24

debug1: match: OpenSSH_3.7.1p2-pwexp24 pat OpenSSH*

Protocol major versions differ: 1 vs. 2

Am I missing something or is there a bug in this signature?

Thanks

Chris

Labels:
0 Helpful
1 Reply 1

Not applicable

‎04-26-2006 07:59 AM

To my knowledge, there may be a chance of, so you upgrade the version to the latest. This document explains how to perform a Cisco Intrusion Detection System Module (IDSM) upgrade on an application partition, service pack, and a signature update.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00800a3d42.shtml#tshoot

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card