[Oisf-users] SSH issue fixed in Suricata 2.0.4
Victor Julien
victor at inliniac.net
Tue Sep 23 11:57:57 UTC 2014
In the just released 2.0.4 we fixed an SSH banner parsing issue that
could lead to a crash of Suricata.
The proper fix is to upgrade, but a workaround is to disable the SSH
parser in your yaml.

app-layer:
  protocols:
    tls:
      enabled: yes
      detection-ports:
        dp: 443
      #no-reassemble: yes
    dcerpc:
      enabled: yes
    ftp:
      enabled: yes
    ssh:
      enabled: no  # <- this disables the parser.

Alternatively, it can be set to 'detection-only', which means that
protocol detection is still enabled, but parsing isn't.
If you disable the parser, the ssh rule keywords and the ssh logging
won't work.
https://redmine.openinfosecfoundation.org/issues/1278
A new development version of the 2.1 series will be released next week
to address this issue there as well. The git master has already been fixed.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
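
Added example, not part of the original message and not Suricata project code: a small audit helper that reads a suricata.yaml and reports whether the SSH parser workaround described above (enabled: no, or detection-only) is in place on a sensor that cannot be upgraded yet. The function names, the sample config and the accepted "false" spellings are assumptions, and the walker handles block-style mappings only.

```python
import re

# Constructed sample: the message's workaround applied to a trimmed config.
SAMPLE_YAML = """\
app-layer:
  protocols:
    tls:
      enabled: yes
      detection-ports:
        dp: 443
      #no-reassemble: yes
    ssh:
      enabled: no   # workaround applied
"""

KEY_LINE = re.compile(r"^( *)([A-Za-z0-9_.-]+):\s*(.*)$")

def yaml_scalar_at(text, path):
    """Return the raw scalar at a nested mapping path, or None if absent."""
    # Indentation walker for block-style mappings only; not a YAML parser.
    stack = []  # (indent, key) for each mapping key enclosing the current line
    for line in text.splitlines():
        body = line.split(" #", 1)[0].rstrip()  # drop trailing comments
        m = KEY_LINE.match(body)
        if not m:
            continue  # comments, directives, list items, blank lines
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indent
        stack.append((indent, key))
        if value and [k for _, k in stack] == list(path):
            return value.strip("'\"")
    return None

def ssh_parser_state(text):
    """Classify app-layer.protocols.ssh.enabled (hypothetical helper)."""
    raw = yaml_scalar_at(text, ("app-layer", "protocols", "ssh", "enabled"))
    if raw is None:
        return "unset"  # key missing: needs manual review
    value = raw.lower()
    if value == "detection-only":
        return "detection-only"  # protocol detection on, parsing off
    # Assumed set of spellings the config loader treats as false.
    return "disabled" if value in ("no", "false", "off", "0") else "enabled"

if __name__ == "__main__":
    print(ssh_parser_state(SAMPLE_YAML))
```

A result of "enabled" or "unset" on a sensor still running a release older than 2.0.4 means the workaround has not been applied there.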