CVE-2014-0160 mitigation using iptables
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Thu Apr 10 13:52:53 UTC 2014
On Wed, 09 Apr 2014 11:07:36 +0100, Fabien Bourdaire said:
> # Log rules
> iptables -t filter -A INPUT -p tcp --dport 443 -m u32 --u32 \
> "52=0x18030000:0x1803FFFF" -j LOG --log-prefix "BLOCKED: HEARTBEAT"
That 52= isn't going to work if it's an IPv4 packet with an unexpected
number IP or TCP options, or an IPv6 connection....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 848 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140410/96be68d7/attachment.sig>
More information about the NANOG
mailing list