Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
question about analys OpenSSL TLS Heartbeat
04-14-2014, 02:04 PM
Post: #1
question about analys OpenSSL TLS Heartbeat
dear sir.

i have problems about rules snort OpenSSL TLS Heartbeat. you can see me how to filter 18 03 00 in rules. step by step.

alert tcp $HOME_NET any -> $EXTERNAL_NET [25,443,465,636,992,993,995,2484] (msg:"SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt"; flow:to_server,established; content:"|18 03 00|"; depth:3; byte_test:2,>,128,3; metadata:policy balanced-ips drop, policy security-ips drop, ruleset community, service ssl; reference:cve,2014-0160; classtype:attempted-admin; sid:30520; rev:3; )

in code exploit OpenSSL TLS Heartbeat i see have two line Related to content:"18 03 00"

hb = h2bin(”’
18 03 02 00 03
01 40 00
”’)

this is link
http://cyberintruder.wordpress.com/2014/...erability/

please help me ?
Find all posts by this user
Like Post Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)