CVE-2014-0160 mitigation using iptables
- Subject: CVE-2014-0160 mitigation using iptables
- From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
- Date: Thu, 10 Apr 2014 09:52:53 -0400
- In-reply-to: Your message of "Wed, 09 Apr 2014 11:07:36 +0100." <[email protected]>
- References: <[email protected]>
On Wed, 09 Apr 2014 11:07:36 +0100, Fabien Bourdaire said:
> # Log rules
> iptables -t filter -A INPUT -p tcp --dport 443 -m u32 --u32 \
> "52=0x18030000:0x1803FFFF" -j LOG --log-prefix "BLOCKED: HEARTBEAT"
That 52= isn't going to work if it's an IPv4 packet with an unexpected
number of IP or TCP options, or an IPv6 connection....
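The offset problem raised in the reply above, as an added example that is not part of the original thread: it compares a read at fixed offset 52 with one that derives the TCP payload offset from the IPv4 IHL and TCP data-offset fields. It covers IPv4 only; the packets, addresses, ports and helper names are constructed for illustration.

```python
import struct

LO, HI = 0x18030000, 0x1803FFFF  # value range from the quoted rule

def ipv4_tcp(payload, ip_opts=b"", tcp_opts=b""):
    """Constructed IPv4+TCP packet; option lengths must be multiples of 4."""
    ihl, doff = (20 + len(ip_opts)) // 4, (20 + len(tcp_opts)) // 4
    total = (ihl + doff) * 4 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, doff << 4, 0x18, 65535, 0, 0)
    return ip + ip_opts + tcp + tcp_opts + payload

def in_range(pkt, off):
    """Read 4 bytes big-endian at off, as u32 does, and test the rule's range."""
    if off + 4 > len(pkt):
        return False
    return LO <= struct.unpack_from("!I", pkt, off)[0] <= HI

def fixed_match(pkt):
    return in_range(pkt, 52)  # assumes 20-byte IP header + 32-byte TCP header

def header_aware_match(pkt):
    ihl = (pkt[0] & 0x0F) * 4          # IPv4 header length in bytes
    doff = (pkt[ihl + 12] >> 4) * 4    # TCP data offset in bytes
    return in_range(pkt, ihl + doff)

# Constructed sample data: a well-formed heartbeat record header plus padding,
# and an application-data record that has 18 03 01 00 at payload byte 12.
HB = b"\x18\x03\x02\x00\x14" + bytes(20)
APP = b"\x17\x03\x03\x00\x20" + bytes(7) + b"\x18\x03\x01\x00" + bytes(16)
TS = b"\x01\x01\x08\x0a" + bytes(8)    # NOP, NOP, timestamp option (12 bytes)
IPOPT = b"\x01\x01\x01\x00"            # 4 bytes of IP options

CASES = {
    "heartbeat, TCP timestamps": ipv4_tcp(HB, tcp_opts=TS),
    "heartbeat, no TCP options": ipv4_tcp(HB),
    "heartbeat, IP options + timestamps": ipv4_tcp(HB, IPOPT, TS),
    "app data, no TCP options": ipv4_tcp(APP),
}

def run_cases():
    """Map case name -> (fixed offset result, header-aware result)."""
    return {n: (fixed_match(p), header_aware_match(p)) for n, p in CASES.items()}

if __name__ == "__main__":
    for name, (fixed, aware) in run_cases().items():
        print(f"{name:36} fixed@52={fixed!s:5} header-aware={aware}")
```

In u32 syntax the same header-length arithmetic is written with the `@` operator; the iptables-extensions man page reaches the TCP payload with `0 >> 22 & 0x3C @ 12 >> 26 & 0x3C @ ...`.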