CVE-2014-0160 mitigation using iptables

• Previous message (by thread): CVE-2014-0160 mitigation using iptables
• Next message (by thread): CVE-2014-0160 mitigation using iptables
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 09/04/2014 11:07, Fabien Bourdaire wrote:
> Following up on the CVE-2014-0160 vulnerability, heartbleed. We've
> created some iptables rules to block all heartbeat queries using the
> very powerful u32 module.

as someone pointed out on the UKNOF mailing list yesterday, you make a
number of assumptions in this ruleset which are not necessarily valid.

Please do not claim that this ruleset blocks all heartbeat queries because
it does not.

Nick

• Previous message (by thread): CVE-2014-0160 mitigation using iptables
• Next message (by thread): CVE-2014-0160 mitigation using iptables
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]