[Emerging-Sigs] SSH negation on 2018378

Joel Esler (jesler) jesler at cisco.com
Mon Apr 13 06:50:34 HDT 2020


What if SSL is running over port 22?

> On Apr 13, 2020, at 11:35 AM, James Lay <jlay at slave-tothe-box.net> wrote:
> 
> Any chance we can get a negation on this?  I've seen this a few times:
> 
> 04/10-22:17:46.964152  [**] [1:2018378:5] ET EXPLOIT Possible OpenSSL HeartBleed Large HeartBeat Response (Server Init Vuln Client) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} x.x.x.x:61812 -> x.x.x.x:22
> 
> Thank you!
> 
> James
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> 
> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreats.net
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20200413/328c8ac2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3010 bytes
Desc: not available
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20200413/328c8ac2/attachment.bin>


More information about the Emerging-sigs mailing list