https://inliniac.net/blog/tag/ssh/ Recent content in Ssh on Inliniac Hugo en Thu, 02 Sep 2010 17:36:38 +0000 https://inliniac.net/blog/2010/09/02/suricata-1-0-2-released/ Thu, 02 Sep 2010 17:36:38 +0000 https://inliniac.net/blog/2010/09/02/suricata-1-0-2-released/ <p>After some well deserved vacation I&rsquo;m getting back up to speed in Suricata development. Luckily most of our dev team continued to work in my absence, making today&rsquo;s 1.0.2 release possible.</p> <p>The main focus of this release was fixing the TCP stream engine. <a href="http://twitter.com/judy_novak">Judy Novak</a> found a number of ways to evade detection. See her <a href="http://www.packetstan.com/2010/09/suricata-tcp-evasions.html">blog post</a> describing the issues.</p> <p>The biggest other change is the addition of a new application layer module. The SSH parser parses SSH sessions and stops detection/inspection of the stream after the encrypted part of the session has started. So this is mainly a module focused on reducing the number of packets that need inspection, just like the SSL and TLS modules.</p>