Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 25 Using Application Layer Preprocessors
Detecting Exploits Using the SSH Preprocessor
Maximum Length of Protocol Version String
Specifies the maximum number of bytes allowed in the server’s version string before considering it 
to be a SecureCRT exploit. 
Detect Challenge-Response Buffer Overflow Attack
Enables or disables detecting the Challenge-Response Buffer Overflow exploit.
You can enable rule 128:1 to generate events for this option. See 
 for 
more information.
Detect SSH1 CRC-32 Attack
Enables or disables detecting the CRC-32 exploit.
You can enable rule 128:2 to generate events for this option. See 
 for 
more information.
Detect Server Overflow
Enables or disables detecting the SecureCRT SSH Client Buffer Overflow exploit.
You can enable rule 128:3 to generate events for this option. See 
 for 
more information.
Detect Protocol Mismatch
Enables or disables detecting protocol mismatches.
You can enable rule 128:4 to generate events for this option. See 
 for 
more information.
Detect Bad Message Direction
Enables or disables detecting when traffic flows in the wrong direction (that is, if the presumed 
server generates client traffic, or if a client generates server traffic).
You can enable rule 128:5 to generate events for this option. See 
 for 
more information.
Detect Payload Size Incorrect for the Given Payload
Enables or disables detecting packets with an incorrect payload size, such as when the length 
specified in the SSH packet is not consistent with the total length specified in the IP header, or 
when the message is truncated (that is, there is not enough data for a full SSH header).
You can enable rule 128:6 to generate events for this option. See 
 for 
more information.
Detect Bad Version String
Note that, when enabled, the preprocessor detects, without configuration, any version string other 
than version 1 or 2.
You can enable rule 128:7 to generate events for this option. See 
 for 
more information.
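The following is an added example, not taken from the Cisco guide or from the preprocessor's own code: a simplified Python model of three of the checks described above (maximum version string length, bad version string, and incorrect payload size), returning the rule IDs the page associates with each. The function names, the 80-byte limit, the 5-byte header assumption (RFC 4253 layout) and all sample inputs are assumptions constructed for illustration.

```python
from __future__ import annotations
import struct

# Rule IDs as listed on the page; the checks themselves are a simplified model.
RULE_SERVER_OVERFLOW = "128:3"  # version string longer than the configured maximum
RULE_PAYLOAD_SIZE = "128:6"     # declared length inconsistent, or header truncated
RULE_BAD_VERSION = "128:7"      # protocol version other than 1 or 2
HEADER_LEN = 5                  # assumed: uint32 packet_length + 1-byte padding_length

def check_server_banner(banner: bytes, max_version_len: int = 80) -> list[str]:
    """Check a server identification line of the form SSH-protoversion-software."""
    hits = []
    line = banner.split(b"\n", 1)[0].rstrip(b"\r")
    if len(line) > max_version_len:  # 80 is an assumed limit for this example
        hits.append(RULE_SERVER_OVERFLOW)
    # The major protocol version is the text between "SSH-" and the first dot.
    major = line[4:].split(b".", 1)[0] if line.startswith(b"SSH-") else b""
    if major not in (b"1", b"2"):
        hits.append(RULE_BAD_VERSION)
    return hits

def check_packet_length(segment: bytes) -> list[str]:
    """Check one unencrypted SSH-2 packet assumed to sit in a single segment."""
    if len(segment) < HEADER_LEN:
        return [RULE_PAYLOAD_SIZE]  # truncated: not enough data for a full header
    (packet_length,) = struct.unpack(">I", segment[:4])
    # packet_length counts every byte after its own 4-byte field.
    if packet_length < 1 or packet_length + 4 > len(segment):
        return [RULE_PAYLOAD_SIZE]  # declared size does not fit the data received
    return []

# Constructed sample inputs (not captured traffic).
BANNERS = {
    "normal": b"SSH-2.0-ExampleServer_1.0\r\n",
    "compat": b"SSH-1.99-ExampleServer_1.0\r\n",
    "bad_version": b"SSH-9.9-ExampleServer_1.0\r\n",
    "oversized": b"SSH-2.0-" + b"A" * 200 + b"\r\n",
}
GOOD_PACKET = struct.pack(">IB", 12, 4) + b"\x14" + b"\x00" * 6 + b"\x00" * 4
INCONSISTENT_PACKET = struct.pack(">IB", 4096, 4) + b"\x14"
TRUNCATED_PACKET = b"\x00\x00"

if __name__ == "__main__":
    for name, banner in BANNERS.items():
        print(name, check_server_banner(banner))
    for pkt in (GOOD_PACKET, INCONSISTENT_PACKET, TRUNCATED_PACKET):
        print(len(pkt), check_packet_length(pkt))
```

The model treats each buffer as a complete packet, so a legitimate SSH message split across several TCP segments would need reassembly before the length check is meaningful.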
Configuring the SSH Preprocessor
License: Protection