Full Disclosure mailing list archives
Re: heartbleed OpenSSL bug CVE-2014-0160
From: Seth Arnold <seth.arnold () canonical com>
Date: Fri, 11 Apr 2014 11:41:00 -0700
On Fri, Apr 11, 2014 at 01:09:37PM +0200, Reindl Harald wrote:
interesting, i have until now 3 mail client-IPs triggering that rules on 993 and 995 one of them is our own external office, the other two are using AppleMail too anybody an idea why Mail.app is using Heartbeat packets on POP3s and IMAPs?
No idea on pop3. But a long-lived imap4 connection waiting in IDLE may cause a stateful firewall (such as common consumer NAT routers) to time-out a connection as "inactive" after a while. That might result in apparently hung connections or otherwise unreliable services. TLS heartbeats would be a convenient way to keep the connection alive through such firewalls and provide a more reliable service to users. Thanks
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: heartbleed OpenSSL bug CVE-2014-0160, (continued)
- Message not available
- Re: heartbleed OpenSSL bug CVE-2014-0160 Chris Schmidt (Apr 08)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Nik Mitev (Apr 08)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Ronny Lauenstein (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Ken Connelly (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Justin Bull (Apr 08)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Fabien Bourdaire (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Juergen Christoffel (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Seth Arnold (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Perry (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Aidan Thornton (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Coderaptor (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Jann Horn (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Perry (Apr 10)