CVE-2014-0160 mitigation using iptables

• Previous message (by thread): CVE-2014-0160 mitigation using iptables
• Next message (by thread): CVE-2014-0160 mitigation using iptables
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 09 Apr 2014 11:07:36 +0100, Fabien Bourdaire said:

> # Log rules
> iptables -t filter -A INPUT  -p tcp --dport 443  -m u32 --u32 \
> "52=0x18030000:0x1803FFFF" -j LOG --log-prefix "BLOCKED: HEARTBEAT"

That 52= isn't going to work if it's an IPv4 packet with an unexpected
number IP or TCP options, or an IPv6 connection....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 848 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140410/96be68d7/attachment.sig>

• Previous message (by thread): CVE-2014-0160 mitigation using iptables
• Next message (by thread): CVE-2014-0160 mitigation using iptables
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]