Tuesday, April 8, 2014

Heartbleed OpenSSL Vulnerability

You can use the following custom IPS signature to detect and block the recently disclosed OpenSSL "Heartbleed" vulnerability.

F-SBID( --name "OpenSSL.TLS.Heartbeat.Information.Disclosure"; --protocol tcp;  --flow from_client; --service SSL; --pattern "|18|"; --context packet; --within 1,context; --byte_test 2,>,255,2,relative; )


More information about the vulnerability can be found here:
http://heartbleed.com/

2 comments:

Enno Gröper said...

Thanks for the signature.
What exactly does this signature test?
Suspicious large requests?

aalia lyon said...

That’s a nice blog , this blog helps you, please check this url and solve your windows 7 related problem.
windows firewall error 1068 windows 7
Thanks
Aalia lyon