Snort mailing list archives
Re: OpenSSL TLS DTSL Heartbleed Bug Sig
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 10 Apr 2014 22:28:19 +0000
I’ve removed the rules (instead of updating the blog post every time we update the rules for whatever reason) from the blog post and we are putting them out in the community rule pack now.

http://www.snort.org/snort-rules#community

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team

On Apr 9, 2014, at 11:37 PM, Nicholas Bogart <nickybzoss () gmail com> wrote:

I had just about the same one that I posted yesterday. Joel referenced me to the latest on the VRT Blog http://vrt-blog.snort.org/ which has several rules covering it in the latest updates.

On Thu, Apr 10, 2014 at 5:07 AM, LIONEL PLAZA <leo240sx () gmail com> wrote:

Hello Everyone,

Here's a first take at the OpenSSL Heartbleed sig. I didn't get a chance to test, due to moving offices and losing access to lab (temporarily). But I figured someone could try it out and refine it.

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "OpenSSL TLS DTLS Heartbleed bug CVE-2014-160"; flow:to_server,established; content:"GET"; nocase; http_method; content:"|18 03 03 00 40 03|"; byte_test:6; reference:"cve,2014-160"; classtype: successful-user; sid:xxx; rev: 1;)

Cheers!
Leo

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
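Added example, not part of the original thread and not a rule from the Snort community or VRT rule packs: a sketch of the length check a Heartbleed signature is trying to express, walking the TLS records in a reassembled stream and flagging a heartbeat request that declares more payload than its record carries. The function name and the sample bytes are constructed for illustration, and the check assumes the heartbeat body is cleartext (sent before encryption is negotiated).

```python
import struct

HEARTBEAT = 0x18      # TLS ContentType 24, heartbeat (RFC 6520)
HB_REQUEST = 0x01     # HeartbeatMessageType heartbeat_request
MIN_PADDING = 16      # RFC 6520 requires at least 16 bytes of padding


def suspicious_heartbeats(stream: bytes):
    """Return (offset, declared_payload_len, record_len) for every
    cleartext heartbeat request whose declared payload length cannot
    fit in the TLS record that carries it."""
    findings = []
    off = 0
    while off + 5 <= len(stream):
        # Record header: type(1) | version major(1) minor(1) | length(2)
        ctype, major, _minor, rec_len = struct.unpack_from("!BBBH", stream, off)
        body = stream[off + 5 : off + 5 + rec_len]
        if major != 3 or len(body) < rec_len:
            break  # not TLS, or the capture is truncated
        if ctype == HEARTBEAT and rec_len >= 3:
            # Heartbeat message: type(1) | payload_length(2) | payload | padding
            hb_type, payload_len = struct.unpack_from("!BH", body, 0)
            if hb_type == HB_REQUEST and 3 + payload_len + MIN_PADDING > rec_len:
                findings.append((off, payload_len, rec_len))
        off += 5 + rec_len
    return findings


# Constructed sample stream (hypothetical bytes, not captured traffic):
HANDSHAKE = bytes.fromhex("1603020004" "01000000")             # handshake record
BENIGN = bytes.fromhex("1803020017" "010004") + b"ping" + bytes(16)
OVERSIZED = bytes.fromhex("1803020003" "014000")               # declares 16384
SAMPLE = HANDSHAKE + BENIGN + OVERSIZED

if __name__ == "__main__":
    for off, declared, rec_len in suspicious_heartbeats(SAMPLE):
        print(f"offset {off}: heartbeat request declares {declared} "
              f"payload bytes in a {rec_len}-byte record")
```

A receiver following RFC 6520 silently discards such a request; a sensor applying the same comparison can alert on it without depending on one fixed byte pattern.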
Current thread:
- OpenSSL TLS DTSL Heartbleed Bug Sig LIONEL PLAZA (Apr 09)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Alberto Colosi (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Y M (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Y M (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Nicholas Mavis (nmavis) (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Júlio César Melo (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Nicholas Bogart (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Joel Esler (jesler) (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Alberto Colosi (Apr 10)