[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] heartbleed OpenSSL bug CVE-2014-0160

To: Fabien Bourdaire <lists@xxxxxxxxxx>
Subject: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
From: Daniel Franke <dfoxfranke@xxxxxxxxx>
Date: Wed, 9 Apr 2014 17:04:49 -0400

On 4/9/14, Fabien Bourdaire <lists@xxxxxxxxxx> wrote:
> We've created some iptables rules to block all heartbeat queries using
> the very powerful u32 module.
>
> # Block rules
> iptables -t filter -A INPUT  -p tcp --dport 443  -m u32 --u32 \
> "52=0x18030000:0x1803FFFF" -j DROP

It appears to me that this rule assumes that TLS records align with
TCP packet boundaries. Attackers can circumvent it by manipulating
said boundaries. This is, in general, an inherent limitation of trying
to use U32 to filter TCP-based application protocols.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] heartbleed OpenSSL bug CVE-2014-0160
  - From: Kirils Solovjovs
- Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
  - From: Fabien Bourdaire

Prev by Date: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
Next by Date: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
Previous by thread: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
Next by thread: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
Index(es):
- Date
- Thread