PROTOCOLS: SSH Connection Over Non-Standard Port
This signature detects SSH connections over nonstandard ports. Some network devices support this as a standard feature, but attackers can also be using SSH on nonstandard ports as a method of firewall or IDS evasion. If this signature detects traffic destined to end-user workstations, you should take the appropriate security actions immediately.
Extended Description
If SSH traffic is detected on ports other than 22, this could indicate malicious activity. Attackers could use nonstandard ports with SSH to circumvent firewall restrictions, or hide backdoor SSH servers on compromised hosts.
Short Name
SSH:NON-STD-PORT
Severity
Warning
Recommended
False
Recommended Action
None
Category
SSH
Keywords
Connection Non-Standard Over Port SSH
Release Date
04/01/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3324
Port
TCP/0-21,23-65535
False Positive
Unknown