CVE-2014-0160 mitigation using iptables
Nick Hilliard
nick at foobar.org
Thu Apr 10 10:12:40 UTC 2014
On 09/04/2014 11:07, Fabien Bourdaire wrote:
> Following up on the CVE-2014-0160 vulnerability, heartbleed. We've
> created some iptables rules to block all heartbeat queries using the
> very powerful u32 module.
as someone pointed out on the UKNOF mailing list yesterday, you make a
number of assumptions in this ruleset which are not necessarily valid.
Please do not claim that this ruleset blocks all heartbeat queries because
it does not.
Nick
More information about the NANOG
mailing list