[170776] in North American Network Operators' Group
Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
daemon@ATHENA.MIT.EDU (Me)
Tue Apr 8 19:57:29 2014
Date: Tue, 08 Apr 2014 17:56:45 -0600
From: Me <jschiel@flowtools.net>
To: nanog@nanog.org
In-Reply-To: <F2317B15-3F67-4BAE-B41C-9E1DAD2FDC76@ianai.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 04/08/2014 10:16 AM, Patrick W. Gilmore wrote:
> Lots of tools available. I'm with ferg, surprised more haven't been mentioned here.
>
> Tools to check for the bug:
> • on your own box: https://github.com/musalbas/heartbleed-masstest/blob/master/ssltest.py
> • online: http://filippo.io/Heartbleed/ (use carefully as they might log what you check)
> • online: http://possible.lv/tools/hb/
> • offline: https://github.com/tdussa/heartbleed-masstest <--- Tobias Dussa, also Takes a CSV file with host names for input and ports as parameter
> • offline: http://s3.jspenguin.org/ssltest.py
> • offline: https://github.com/titanous/heartbleeder
>
> List of vulnerable Linux distributions: <http://www.circl.lu/pub/tr-21/>.
>
> Anyone have any more?
>
Thanks for the expanded list, I had some of these already. I'm not
comfortable in letting some online code that I can't see test my site
though.
--John
