Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problem with Signature 3651/0

We are seeing events triggered by this signature that appear to be invalid. SSH2 connection attempts appear to be triggering these events, when the exploit is clearly for SSH1. The signature is utilizing the SSH1 engine, but ssh1 is disabled on the host we are seeing connection attemps to.

OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Applying options for *

debug2: ssh_connect: needpriv 0

debug1: Connecting to uaxxxx [xxx.xxx.xxx.xx] port 22.

debug1: Connection established.

debug1: identity file /home/b687511/.ssh/identity type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_3.7.1p2-pwexp24

debug1: match: OpenSSH_3.7.1p2-pwexp24 pat OpenSSH*

Protocol major versions differ: 1 vs. 2

Am I missing something or is there a bug in this signature?

Thanks

Chris

1 REPLY
Anonymous
N/A

Re: Problem with Signature 3651/0

To my knowledge, there may be a chance of, so you upgrade the version to the latest. This document explains how to perform a Cisco Intrusion Detection System Module (IDSM) upgrade on an application partition, service pack, and a signature update.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00800a3d42.shtml#tshoot

144
Views
0
Helpful
1
Replies
CreatePlease login to create content