nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed"

From: bmanning () vacation karoshi com
Date: Tue, 8 Apr 2014 17:59:32 -0700
On Tue, Apr 08, 2014 at 05:56:45PM -0600, Me wrote:


On 04/08/2014 10:16 AM, Patrick W. Gilmore wrote:

Lots of tools available. I'm with ferg, surprised more haven't been mentioned here.

Tools to check for the bug:
    • on your own box: https://github.com/musalbas/heartbleed-masstest/blob/master/ssltest.py
    • online: http://filippo.io/Heartbleed/ (use carefully as they might log what you check)
    • online: http://possible.lv/tools/hb/
    • offline: https://github.com/tdussa/heartbleed-masstest <--- Tobias Dussa, also Takes a CSV file with host 
names for input and ports as parameter
    • offline: http://s3.jspenguin.org/ssltest.py
    • offline: https://github.com/titanous/heartbleeder

List of vulnerable Linux distributions: <http://www.circl.lu/pub/tr-21/>.

Anyone have any more?


Thanks for the expanded list, I had some of these already. I'm not
comfortable in letting some online code that I can't see test my
site though.

--John


        or, there is this:   http://git.openssl.org/gitweb/?p=openssl.git

/bill
Previous By Date Next
Previous By Thread Next

Current thread: