Re: Finding Servers Using OpenSSL SSL/TLS

["Joel L. Rosenblatt" <joel () COLUMBIA EDU>]

We keep a constantly updating list of any IP address that accepts
connections on port 443 using netflow information, we test them for
the Heartbleed bug and inform the machine owner if they have a problem

Thanks,
Joel Rosenblatt




Joel Rosenblatt, Director Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3


On Fri, Apr 11, 2014 at 11:33 AM, Pratt, Benjamin E.
<bepratt () stcloudstate edu> wrote:
> Good morning everyone.
>
> The question:
>
> What would be the best option for determining remotely whether a server utilizes OpenSSL SSL/TLS for encrypting https 
> traffic?
>
> The background:
>
> I'm hoping the list can provide a little assistance in dealing with the aftermath of the Heartbleed vulnerability.
>
> The good news is a scan of our campus network indicates that we are nearly fully patched. The bad news is that not 
> all of the https servers utilizing OpenSSL SSL/TLS are centrally controlled. This means that we don't know which 
> servers were patched before our first scan and therefore where all of the servers that were vulnerable, over the past 
> two years, are located.
>
> I am attempting to put together options that include changing out SSL certificates and notifying users of previously 
> vulnerable systems to update passwords. If I am able to provide more specific information about the scope of our 
> endeavor it would certainly be an added value.
>
> Thank you,
>
> Ben
>
> --
>
> Benjamin Pratt
> St. Cloud State University