Tuesday, April 8, 2014

Heartbleed OpenSSL Vulnerability

You can use the following custom IPS signature to detect and block the recently disclosed OpenSSL "Heartbleed" vulnerability.

F-SBID( --name "OpenSSL.TLS.Heartbeat.Information.Disclosure"; --protocol tcp;  --flow from_client; --service SSL; --pattern "|18|"; --context packet; --within 1,context; --byte_test 2,>,255,2,relative; )


More information about the vulnerability can be found here:
http://heartbleed.com/

1 comment:

Anonymous said...

Thanks for the signature.
What exactly does this signature test?
Suspicious large requests?