Snort mailing list archives
Heartbleed Rule
From: Nicholas Bogart <nickybzoss () gmail com>
Date: Wed, 9 Apr 2014 11:43:33 +0300
Boss asked me about creating a rule for the OpenSSL Heartbleed. I asked him why not just go update all the servers. He just stared at me. So I am submitting to the community for review and comment the rule I drew up on this proof-of-concept exploit for the heartbleed vulnerability. Exploit - https://gist.github.com/takeshixx/10107280 CVE - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160 Heartbleed References - http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309 https://threatpost.com/openssl-fixes-tls-vulnerability/105300 alert tcp any any -> $HOME_NET 443 (msg:"Attempted Heartbleed access exploitation for OpenSSL 1.0.1f and lower"; flow: to_server; content:"| 18 03 02 00 03 01 40 00 |"; reference:cve, CVE-2014-0160;) NickyB
------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Heartbleed Rule Nicholas Bogart (Apr 09)
- Re: Heartbleed Rule Joel Esler (jesler) (Apr 09)
- Re: Heartbleed Rule Nicholas Bogart (Apr 09)
- Re: Heartbleed Rule Jefferson, Shawn (Apr 10)
- Re: Heartbleed Rule Joel Esler (jesler) (Apr 10)
- Re: Heartbleed Rule JJC (Apr 10)
- Re: Heartbleed Rule Jefferson, Shawn (Apr 11)
- Re: Heartbleed Rule Joel Esler (jesler) (Apr 09)