Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 SSH:NON-STD-PORT

Severity

 Low

Recommended

 No

Category

 SSH

Release Date

 2004/03/31

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

PROTOCOLS: SSH Connection Over Non-Standard Port


This signature detects SSH connections over nonstandard ports. Some network devices support this as a standard feature, but attackers can also be using SSH on nonstandard ports as a method of firewall or IDS evasion. If this signature detects traffic destined to end-user workstations, you should take the appropriate security actions immediately.

Extended Description

If SSH traffic is detected on ports other than 22, this could indicate malicious activity. Attackers could use nonstandard ports with SSH to circumvent firewall restrictions, or hide backdoor SSH servers on compromised hosts.

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out