Tuesday, April 8, 2014

Heartbleed OpenSSL Vulnerability

You can use the following custom IPS signature to detect and block attempts to exploit the recently disclosed OpenSSL "Heartbleed" vulnerability.

F-SBID( --name "OpenSSL.TLS.Heartbeat.Information.Disclosure"; --protocol tcp;  --flow from_client; --service SSL; --pattern "|18|"; --context packet; --within 1,context; --byte_test 2,>,255,2,relative; )
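
What the rule's two tests amount to, as an added Python example that is not part of the original post and is not Fortinet code. It assumes the `relative` offset of the byte_test is counted from the end of the `|18|` match, so the two bytes tested are the TLS record length, and it adds the RFC 6520 length consistency check for comparison; the function names and sample records are constructed for illustration.

```python
import struct

HEARTBEAT = 0x18      # TLS record content type 24 (RFC 6520)
MIN_PADDING = 16      # RFC 6520: a heartbeat message carries at least 16 padding bytes

def signature_match(packet: bytes) -> bool:
    """Mirror the rule: |18| as the first byte, then byte_test 2,>,255,2,relative.

    Assumption: the relative offset starts at the end of the |18| match,
    so the bytes tested are packet[3:5], the TLS record length field.
    """
    if len(packet) < 5 or packet[0] != HEARTBEAT:
        return False
    (record_len,) = struct.unpack_from(">H", packet, 3)
    return record_len > 255

def heartbeat_length_consistent(packet: bytes) -> bool:
    """RFC 6520 bounds check on a cleartext heartbeat record:
    type (1) + payload_length (2) + payload + padding must fit in the record."""
    if len(packet) < 5 or packet[0] != HEARTBEAT:
        raise ValueError("not a heartbeat record")
    (record_len,) = struct.unpack_from(">H", packet, 3)
    body = packet[5:5 + record_len]
    if len(body) < 3:
        return False
    (payload_len,) = struct.unpack_from(">H", body, 1)
    return 1 + 2 + payload_len + MIN_PADDING <= len(body)

def build_record(declared_payload_len: int, body_len: int) -> bytes:
    """Constructed sample: TLS 1.1 heartbeat request record, zero-filled body."""
    body = bytes([1]) + struct.pack(">H", declared_payload_len)
    body += bytes(body_len - len(body))
    return bytes([HEARTBEAT, 3, 2]) + struct.pack(">H", len(body)) + body

# Constructed sample records, not captured traffic.
SAMPLES = {
    "small, well-formed": build_record(16, 35),
    "large, well-formed": build_record(281, 300),
    "large, declared length exceeds record": build_record(16384, 300),
    "handshake record": bytes([0x16, 3, 2, 1, 44]) + bytes(300),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        ok = heartbeat_length_consistent(pkt) if pkt[0] == HEARTBEAT else None
        print(f"{name}: signature={signature_match(pkt)} consistent={ok}")
```

The consistency check only applies to heartbeat records sent in cleartext; once the handshake has completed the record body is encrypted and only the record header is visible on the wire.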


More information about the vulnerability can be found here:
http://heartbleed.com/

1 comment:

  1. Thanks for the signature.
    What exactly does this signature test?
    Suspicious large requests?
