Snort mailing list archives

Re: Alerts were Generated on my Snort IDS box for the Heartbleed Vulnerability


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Sun, 13 Apr 2014 23:08:55 +0000

Patch OpenSSL. 

--
Joel Esler
Sent from my iPhone

On Apr 13, 2014, at 15:11, "Teo En Ming" <teo.en.ming () gmail com> wrote:

Hi,

I went to the following mcafee.com site to check my website for the heartbleed vulnerability.

http://tif.mcafee.com/heartbleedtest

Snort rules which detect the heartbleed vulnerability were fired. These snort rules come from the Snort community rules which I added a short while ago.

The Snort alerts which are generated for the heartbleed vulnerability are as follows:

04/14-02:54:29.148070  [**] [1:30524:1] SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443
04/14-02:54:29.148663  [**] [1:30516:6] SERVER-OTHER TLSv1.1 large heartbeat response - possible ssl heartbleed attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.146:443 -> 161.69.31.4:50847
04/14-02:54:29.354600  [**] [1:30524:1] SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443
04/14-02:54:29.354600  [**] [1:30512:5] SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443

What are the remedial steps to fix the heartbleed vulnerability on my web server?

Thank you very much.

Teo En Ming


------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
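
Added example (not part of the original thread, and not Snort project code): a short Python triage of the four alerts quoted in the message above, pairing the inbound heartbeat-request alerts with the outbound large-response alert on the same TCP flow. Reading a flow that alerts in both directions as a sign that the server answered the oversized heartbeat, and so should be patched first, is an assumption of this example; `parse` and `triage` are hypothetical names.

```python
import re
from collections import defaultdict

# The four alerts posted in the thread, each rejoined onto a single line.
ALERTS = """\
04/14-02:54:29.148070  [**] [1:30524:1] SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443
04/14-02:54:29.148663  [**] [1:30516:6] SERVER-OTHER TLSv1.1 large heartbeat response - possible ssl heartbleed attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.146:443 -> 161.69.31.4:50847
04/14-02:54:29.354600  [**] [1:30524:1] SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443
04/14-02:54:29.354600  [**] [1:30512:5] SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443
"""

# Layout of the alert lines shown above: timestamp, [gid:sid:rev], message, {proto}, endpoints.
FAST = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s*$")

def parse(text):
    """Yield one dict per well-formed alert line; silently skip anything else."""
    for line in text.splitlines():
        m = FAST.match(line.strip())
        if m:
            yield m.groupdict()

def triage(text):
    """Group alerts per TCP flow and report flows that alerted in both directions."""
    flows = defaultdict(lambda: {"request": [], "response": []})
    for a in parse(text):
        key = frozenset([(a["src"], a["sport"]), (a["dst"], a["dport"])])  # direction-agnostic
        # Assumption: "response" in the rule message marks the server-to-client rule.
        kind = "response" if "response" in a["msg"].lower() else "request"
        flows[key][kind].append(a)
    report = []
    for hits in flows.values():
        if hits["request"] and hits["response"]:
            srv = hits["response"][0]  # the source of a response alert is the server
            report.append({
                "server": f'{srv["src"]}:{srv["sport"]}',
                "client": f'{srv["dst"]}:{srv["dport"]}',
                "request_sids": sorted({int(a["sid"]) for a in hits["request"]}),
                "response_sids": sorted({int(a["sid"]) for a in hits["response"]}),
            })
    return report

if __name__ == "__main__":
    for row in triage(ALERTS):
        print(row)
```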
