Snort mailing list archives
Re: OpenSSL TLS DTSL Heartbleed Bug Sig
From: Nicholas Bogart <nickybzoss () gmail com>
Date: Thu, 10 Apr 2014 06:37:00 +0300

I had just about the same one that I posted yesterday. Joel referenced me to the latest on the VRT Blog http://vrt-blog.snort.org/ which has several rules covering it in the latest updates.

On Thu, Apr 10, 2014 at 5:07 AM, LIONEL PLAZA <leo240sx () gmail com> wrote:

Hello Everyone,

Here's a first take at the OpenSSL Heartbleed sig. I didn't get a chance to test, due to moving offices and losing access to lab (temporarily). But I figured someone could try it out and refine it.

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "OpenSSL TLS DTLS Heartbleed bug CVE-2014-160"; flow:to_server,established; content:"GET"; nocase; http_method; content:"|18 03 03 00 40 03|"; byte_test:6; reference:"cve,2014-160"; classtype: successful-user; sid:xxx; rev: 1;)

Cheers!
Leo

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
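
An added example, not part of the thread and not one of the VRT rules: a Python version of the length check a Heartbleed signature has to express, flagging a cleartext TLS heartbeat request (record type 0x18, RFC 6520) whose declared payload_length cannot fit inside the record that carries it. It assumes reassembled TCP payload bytes and TLS 1.0 to 1.2 record framing only (no DTLS, no encrypted heartbeats); the function names and the sample streams are constructed for illustration.

```python
import struct

HEARTBEAT = 0x18      # TLS ContentType 24, heartbeat (RFC 6520)
HB_REQUEST = 0x01     # HeartbeatMessageType heartbeat_request
MIN_PADDING = 16      # RFC 6520 requires at least 16 bytes of padding

def parse_records(stream: bytes):
    """Yield (content_type, version, body) for each complete TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, off)
        body = stream[off + 5 : off + 5 + length]
        if len(body) < length:   # truncated capture: stop rather than guess
            return
        yield ctype, version, body
        off += 5 + length

def suspicious_heartbeats(stream: bytes):
    """Flag cleartext heartbeat requests whose payload_length cannot fit the record."""
    findings = []
    for ctype, version, body in parse_records(stream):
        if ctype != HEARTBEAT or not 0x0301 <= version <= 0x0303:
            continue
        if len(body) < 3:        # too short to hold type + payload_length
            findings.append({"claimed": None, "record_len": len(body)})
            continue
        hb_type, claimed = struct.unpack_from("!BH", body)
        if hb_type == HB_REQUEST and 3 + claimed + MIN_PADDING > len(body):
            findings.append({"claimed": claimed, "record_len": len(body)})
    return findings

def record(ctype: int, version: int, body: bytes) -> bytes:
    """Build one TLS record (used only for the constructed samples below)."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

# Constructed sample streams, not captured traffic.
HANDSHAKE_STUB = record(0x16, 0x0301, b"\x00" * 4)
WELL_FORMED = HANDSHAKE_STUB + record(
    HEARTBEAT, 0x0303, struct.pack("!BH", HB_REQUEST, 4) + b"ping" + b"\x00" * MIN_PADDING)
MALFORMED = HANDSHAKE_STUB + record(
    HEARTBEAT, 0x0302, struct.pack("!BH", HB_REQUEST, 0x4000))

if __name__ == "__main__":
    for name, stream in (("well-formed", WELL_FORMED), ("malformed", MALFORMED)):
        print(name, suspicious_heartbeats(stream))
```
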
Current thread:
- OpenSSL TLS DTSL Heartbleed Bug Sig LIONEL PLAZA (Apr 09)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Alberto Colosi (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Y M (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Y M (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Nicholas Mavis (nmavis) (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Júlio César Melo (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Nicholas Bogart (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Joel Esler (jesler) (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Alberto Colosi (Apr 10)