Snort mailing list archives
Re: OpenSSL TLS DTSL Heartbleed Bug Sig
From: Y M <snort () outlook com>
Date: Thu, 10 Apr 2014 08:14:15 +0000
The byte_test format does not seem to be right: http://manual.snort.org/node408.html

You might also want to check this blog post: http://vrt-blog.snort.org/2014/04/heartbleed-memory-disclosure-upgrade.html

YM

CC: snort-sigs () lists sourceforge net
From: alberto.colosi () sistinf it
Date: Thu, 10 Apr 2014 09:46:06 +0200
Subject: Re: [Snort-sigs] OpenSSL TLS DTSL Heartbleed Bug Sig

Why do I receive

FATAL ERROR: /usr/local/snort/rules/al-hb.rules (1): Bad arguments to byte_test: 6

From: LIONEL PLAZA <leo240sx () gmail com>
To: snort-sigs () lists sourceforge net
Date: 10/04/2014 04:13
Subject: [Snort-sigs] OpenSSL TLS DTSL Heartbleed Bug Sig

Hello Everyone,

Here's a first take at the OpenSSL Heartbleed sig. I didn't get a chance to test, due to moving offices and losing access to lab (temporarily). But I figured someone could try it out and refine it.

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "OpenSSL TLS DTLS Heartbleed bug CVE-2014-160"; flow:to_server,established; content:"GET"; nocase; http_method; content:"|18 03 03 00 40 03|"; byte_test:6; reference:"cve,2014-160"; classtype: successful-user; sid:xxx; rev: 1;)

Cheers!
Leo

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!
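The "Bad arguments to byte_test: 6" error quoted in this message can be reproduced offline with a small option checker. This is an added example, not part of the thread and not Snort's own parser; it assumes the Snort 2.x manual format `byte_test:<bytes_to_convert>, [!]<operator>, <value>, <offset>[, modifiers]`, and the function names and the second rule are constructed for illustration (the second rule shows syntax only and is not a Heartbleed signature).

```python
# Added example: arity/format check for Snort 2.x byte_test options.
OPERATORS = {"<", ">", "<=", ">=", "=", "&", "^"}

def split_options(rule):
    """Split the (...) option block on ';', ignoring ';' in quotes or after a backslash."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    opts, buf, quoted, escaped = [], [], False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            opts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    opts.append("".join(buf).strip())  # option without a trailing ';'
    # (keyword, argument) pairs; keyword-only options get an empty argument
    return [tuple(p.strip() for p in o.partition(":")[::2]) for o in opts if o]

def check_byte_test(arg):
    """Return a list of problems found in one byte_test argument string."""
    args = [a.strip() for a in arg.split(",")]
    if len(args) < 4:
        return [f"needs bytes, operator, value, offset; got {len(args)} argument(s): {arg!r}"]
    nbytes, op, value, offset = args[:4]
    problems = []
    if not (nbytes.isdigit() and 1 <= int(nbytes) <= 10):
        problems.append(f"bytes_to_convert must be 1-10, got {nbytes!r}")
    if op.lstrip("!") not in OPERATORS:
        problems.append(f"unknown operator {op!r}")
    if not value or not offset:  # may be numbers or byte_extract variable names
        problems.append("value and offset must not be empty")
    return problems

def lint(rule):
    return [f"byte_test: {p}" for key, arg in split_options(rule)
            if key == "byte_test" for p in check_byte_test(arg)]

# Rule exactly as posted in the thread.
PAGE_RULE = ('alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "OpenSSL TLS DTLS Heartbleed bug CVE-2014-160"; '
             'flow:to_server,established; content:"GET"; nocase; http_method; content:"|18 03 03 00 40 03|"; '
             'byte_test:6; reference:"cve,2014-160"; classtype: successful-user; sid:xxx; rev: 1;)')
# Constructed rule: well-formed byte_test syntax only, not a detection signature.
CONSTRUCTED = ('alert tcp any any -> any any (msg:"constructed syntax sample"; content:"|AA BB|"; '
               'byte_test:2,>,128,0,relative; sid:1000001; rev:1;)')

if __name__ == "__main__":
    print(lint(PAGE_RULE))
    print(lint(CONSTRUCTED))
```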
Current thread:
- OpenSSL TLS DTSL Heartbleed Bug Sig LIONEL PLAZA (Apr 09)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Alberto Colosi (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Y M (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Y M (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Nicholas Mavis (nmavis) (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Júlio César Melo (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Nicholas Bogart (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Joel Esler (jesler) (Apr 10)
- Re: OpenSSL TLS DTSL Heartbleed Bug Sig Alberto Colosi (Apr 10)