Tuesday, April 8, 2014

Heartbleed OpenSSL Vulnerability

You can use the following custom IPS signature to detect and block the recently disclosed OpenSSL "Heartbleed" vulnerability.

F-SBID( --name "OpenSSL.TLS.Heartbeat.Information.Disclosure"; --protocol tcp;  --flow from_client; --service SSL; --pattern "|18|"; --context packet; --within 1,context; --byte_test 2,>,255,2,relative; )

More information about the vulnerability can be found here:


Anonymous said...

Thanks for the signature.
What exactly does this signature test?
Suspicious large requests?

aalia lyon said...

That’s a nice blog , this blog helps you, please check this url and solve your windows 7 related problem.
windows firewall error 1068 windows 7
Aalia lyon