sshguard / sshguard / issues / #88 - Attack pattern for Cyrus IMAP STARTTLS failures — Bitbucket

Issue #88 resolved

Former user created an issue 2018-05-16

reCaptcha v1 is shutdown... see g.co/recaptcha/upgrade

So cannot submit new patterns.

Wanted to submit two patterns from Cyrus IMAP:

imaps[89898]: imaps TLS negotiation failed: [2001:470:df49:2:9df9:4e98:31e1:1720]
imap[37918]: STARTTLS negotiation failed: [196.52.43.55]

These are TLS attacks - should likely give 8 points or more.

Comments (10)

Kevin Zheng
Requests for new attack patterns should be submitted here. The submission form on the website should be unlinked but might still be accessible through search engines; I should take it down properly soon.
- 2018-05-17T04:53:44+00:00
Kevin Zheng
- changed title to Attack pattern for Cyrus IMAP STARTTLS failures
- marked as enhancement
- 2018-05-17T04:54:42+00:00
Kevin Zheng
- changed milestone to 2.2
- marked as minor
- 2018-06-21T00:38:49+00:00
Kevin Zheng
- changed component to parser
- 2018-06-22T19:14:45+00:00
Kevin Zheng
- removed milestone
Removing milestone: 2.2 (automated comment)
- 2018-06-22T19:44:54+00:00
Kevin Zheng
- edited description
- 2018-09-29T04:32:31+00:00
Kevin Zheng
- changed status to open
- 2018-09-29T04:32:44+00:00
Kevin Zheng
- changed status to resolved
Fixed in d3eca2044.
- 2018-12-16T02:06:57+00:00
Graeme
This is actually a false positive.

imapd.conf:

tls_versions: tls1_2 tls1_3

Client attempts to negotiate tls 1.0 or tls 1.1 will generate this exact pattern.
- 2021-01-08T06:14:27+00:00
Kevin Zheng
Thanks for the report. I’ve gone ahead and reverted this change in f3258b7.
- 2021-01-08T17:14:08+00:00
Log in to comment

Assignee: –

Type: enhancement

Priority: minor

Status: resolved

Component: parser

Votes: 0

Watchers: None

Jira: the preferred issue tracker for Bitbucket. Join the team!