|Check Point Reference:||CPAI-2014-1307|
|Date Published:||1 Feb 2005|
|Last Updated:||Monday 31 March, 2014|
|Protection Provided by:||
|Who is Vulnerable?||Computer users|
|Vulnerability Description||SSH is a network protocol that uses built-in encryption that prevents packet inspection. Network attacks can be encrypted inside SSH traffic to avoid detection.|
When this protection is activated, IPS can detect or block all SSH traffic sent over ports other than TCP port 22 (Block All SSH Versions). Alternatively, you can choose to detect or block only older versions of SSH, which are inherently less secure (Run SSH Older Versions Control).
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
SmartView Tracker will log the following entries:
Attack Name: SSH over Non Standard Ports
Attack Information: SSH Connection on a Non-Standard Port