Educause Security Discussion mailing list archives
Re: Finding Servers Using OpenSSL SSL/TLS
From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Fri, 11 Apr 2014 16:16:00 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 11 Apr 2014 12:52:42 -0400 Steven Carmody <steven_carmody () BROWN EDU> wrote:
On 4/11/14 12:49 PM, Joel L. Rosenblatt wrote:We keep a constantly updating list of any IP address that accepts connections on port 443 using netflow information, we test them for the Heartbleed bug and inform the machine owner if they have a problemCan you provide any more detailing info about how you test machines for the Heartbleed vulnerability ? Are you looking at the headers that returned, or doing something else ?
Steven - I compiled a list of scanners and PoC code, as well as links to the nmap nse and metasploit modules: http://opensecgeek.blogspot.com/2014/04/heartbeatheartbleed-resources-only.html kmw -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlNITYEACgkQsKMTOtQ3fKFJKQCffLEQejuyp7mXJnFtk5raw0It cYAAn0kf9GxPRAYQYp2kCQTJiPXCdJaP =CqPa -----END PGP SIGNATURE-----
Current thread:
- Re: Finding Servers Using OpenSSL SSL/TLS, (continued)
- Re: Finding Servers Using OpenSSL SSL/TLS Joel L. Rosenblatt (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Peter Setlak (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Ken Connelly (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Tim Doty (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Peter Setlak (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Pratt, Benjamin E. (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Scherck, Daniel (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Scherck, Daniel (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Valdis Kletnieks (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Danny Schales (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Kevin Wilcox (Apr 11)