nanog mailing list archives
RE: CVE-2014-0160 mitigation using iptables
From: David Hubbard <dhubbard () dino hostasaurus com>
Date: Thu, 10 Apr 2014 09:54:54 -0400
He was also proven wrong on the Full Disclosure list but he seems to be pushing this everywhere he can find an audience for some reason.

-----Original Message-----
From: Nick Hilliard [mailto:nick () foobar org]
Sent: Thursday, April 10, 2014 6:13 AM
To: Fabien Bourdaire; nanog () nanog org
Subject: Re: CVE-2014-0160 mitigation using iptables

On 09/04/2014 11:07, Fabien Bourdaire wrote:
> Following up on the CVE-2014-0160 vulnerability, heartbleed. We've created some iptables rules to block all heartbeat queries using the very powerful u32 module.

as someone pointed out on the UKNOF mailing list yesterday, you make a number of assumptions in this ruleset which are not necessarily valid. Please do not claim that this ruleset blocks all heartbeat queries because it does not.

Nick