Full Disclosure mailing list archives

Re: heartbleed OpenSSL bug CVE-2014-0160

From: Daniel Franke <dfoxfranke () gmail com>
Date: Wed, 9 Apr 2014 17:04:49 -0400

On 4/9/14, Fabien Bourdaire <lists () ecsc co uk> wrote:

We've created some iptables rules to block all heartbeat queries using
the very powerful u32 module.

# Block rules
iptables -t filter -A INPUT  -p tcp --dport 443  -m u32 --u32 \
"52=0x18030000:0x1803FFFF" -j DROP


It appears to me that this rule assumes that TLS records align with
TCP packet boundaries. Attackers can circumvent it by manipulating
said boundaries. This is, in general, an inherent limitation of trying
to use U32 to filter TCP-based application protocols.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

Re: heartbleed OpenSSL bug CVE-2014-0160, (continued)
- - - Re: heartbleed OpenSSL bug CVE-2014-0160 Nik Mitev (Apr 08)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Ronny Lauenstein (Apr 09)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Ken Connelly (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Justin Bull (Apr 08)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Fabien Bourdaire (Apr 09)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 09)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Juergen Christoffel (Apr 09)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 10)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 11)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Seth Arnold (Apr 11)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Daniel Franke (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Jeremy Voorhis (Apr 09)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Perry (Apr 09)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Aidan Thornton (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Peter Malone (Apr 09)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Coderaptor (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Peter Malone (Apr 09)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Jann Horn (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Ingo Schmitt (Apr 10)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Perry (Apr 10)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 David Tomaschik (Apr 10)

(Thread continues...)