Bro 2.6 will fix SSH capabilities "is_server" flag

salesforce / hassh

HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint.

BSD 3-Clause "New" or "Revised" License

529 stars 77 forks source link

Bro 2.6 will fix SSH capabilities "is_server" flag #4

Closed jsiwek closed 5 years ago

jsiwek commented 5 years ago

The bug fix at https://github.com/zeek/zeek/pull/191 now allows these workarounds to be updated:

https://github.com/salesforce/hassh/blob/a9f1854727a5676593dcc7438448e51f76979330/bro/hassh.bro#L114-L133

If you want things to keep working with both Bro 2.5.x and 2.6, you should be able to branch on Version::info.

benreardon-sfdc commented 5 years ago

Thank you @jsiwek. added version checking logic to main script. https://github.com/salesforce/hassh/blob/3fbd7f088079d6c4d2bcb4a915ebb41fca80b6e2/bro/hassh.bro#L114-L130