Full Disclosure mailing list archives

Re: heartbleed OpenSSL bug CVE-2014-0160

From: Reindl Harald <h.reindl () thelounge net>
Date: Fri, 11 Apr 2014 13:09:37 +0200


Am 10.04.2014 11:01, schrieb Reindl Harald:

__________________________________________________________________________________________________________________

iptables --list --numeric --verbose

    0     0 LOG        tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            multiport dports
443,993,995 u32 "0x34=0x18030000:0x1803ffff" limit: avg 5/hour burst 5 LOG flags 0 level 7 prefix "Firewall:
Heartbleed "
    0     0 DROP       tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            multiport dports
443,993,995 u32 "0x34=0x18030000:0x1803ffff"
__________________________________________________________________________________________________________________


interesting, i have until now 3 mail client-IPs triggering that rules on 993 and 995
one of them is our own external office, the other two are using AppleMail too

anybody an idea why Mail.app is using Heartbeat packets on POP3s and IMAPs?

Attachment: signature.asc
Description: OpenPGP digital signature


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

Re: heartbleed OpenSSL bug CVE-2014-0160, (continued)
- - - Re: heartbleed OpenSSL bug CVE-2014-0160 Carlos P (Apr 11)
    - Message not available
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Chris Schmidt (Apr 08)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Nik Mitev (Apr 08)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Ronny Lauenstein (Apr 09)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Ken Connelly (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Justin Bull (Apr 08)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Fabien Bourdaire (Apr 09)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 09)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Juergen Christoffel (Apr 09)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 10)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 11)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Seth Arnold (Apr 11)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Daniel Franke (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Jeremy Voorhis (Apr 09)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Perry (Apr 09)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Aidan Thornton (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Peter Malone (Apr 09)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Coderaptor (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Peter Malone (Apr 09)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Jann Horn (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Ingo Schmitt (Apr 10)

(Thread continues...)