Skip to content

drewgatchell/bro_scripts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
reverse_ssh.bro
reverse_ssh.bro
 
 

Repository files navigation

reverse_ssh.bro

Bro script to detect Reverse SSH tunnels based on keystroke packet lengths.

Concept derived from Jeff Atkinson and John Althouse.

This script calculates the expected packet length based on the ciphers utilized in the initial handshake. It is assumed that the same ciphers are utilized on the "inside" tunnel as well to derive the full packet length of the reverse ssh tunnel; since bro will not have visibility into that handshake process.

About

No description, website, or topics provided.

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages