(spp_ssh) Protocol mismatch

The rule is designed to trigger an alert when it detects a protocol mismatch in the SSH communication. This could occur if the SSH client and server attempt to communicate using different SSH protocol versions or incompatible encryption algorithms. Such protocol mismatches may result from misconfigurations, attempts to use non-standard SSH implementations, or potential man-in-the-middle attacks attempting to interfere with SSH communication.

Categories:

Cyber Attack
Preprocessor

ID Number

0000004

Signature

alert ( msg: "SSH_EVENT_PROTOMISMATCH"; sid: 4; gid: 128; rev: 1; metadata: policy max-detect-ips drop, rule-type preproc, service ssh ; classtype:non-standard-protocol;)