Recently Viewed Topics
Detecting Encrypted and Interactive Sessions
PVS can be configured to detect both encrypted and interactive sessions. An encrypted session is a TCP or UDP session that contains sufficiently random payloads. An interactive session uses timing and statistical profiling of the packets in a session to determine if the session involves human input at a command line prompt.
In both cases, PVS identifies these sessions for the given port and IP protocol. It then lists the detected interactive or encrypted session as vulnerabilities.
PVS has a variety of plugins to recognize telnet, Secure Shell (SSH), Secure Socket Layer (SSL), and other protocols. Combined with the detection of the interactive and encryption algorithms, PVS may log multiple forms of identification for the detected sessions.
For example, PVS may recognize not only an SSH service running on a high port as an encrypted session, but also recognize the version of SSH and determine any vulnerabilities associated with it.