Intrusion Prevention

SSH.Client.Request.Mimicking

Description

This detects the Client Protocol field used by SSH Brute Forcer, an attack tool that is popularly used to discover accounts with weak passwords. The client field can also be used for legitimate applications but this should rarely be seen.

Affected Products

Any SSH server.

Impact

Password disclosure.

Recommended Actions

N/A