[170843] in North American Network Operators' Group
Re: CVE-2014-0160 mitigation using iptables
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Apr 10 09:55:07 2014
To: Fabien Bourdaire <lists@ecsc.co.uk>
In-Reply-To: Your message of "Wed, 09 Apr 2014 11:07:36 +0100."
<53451BE8.8060609@ecsc.co.uk>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 10 Apr 2014 09:52:53 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, 09 Apr 2014 11:07:36 +0100, Fabien Bourdaire said:
> # Log rules
> iptables -t filter -A INPUT -p tcp --dport 443 -m u32 --u32 \
> "52=0x18030000:0x1803FFFF" -j LOG --log-prefix "BLOCKED: HEARTBEAT"
That 52= isn't going to work if it's an IPv4 packet with an unexpected
number of IP or TCP options, or an IPv6 connection....
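Added worked example (not part of the list thread, and not code from either poster): a small Python script that builds constructed IPv4 and IPv6 packets carrying a TLS heartbeat record and compares the fixed-offset check from the quoted u32 rule ("52=0x18030000:0x1803FFFF", i.e. the 32-bit word at byte 52 of the IP packet) against a check that locates the TCP payload from the IP header length and the TCP data offset. The packet builders, addresses and option blocks are constructed samples; the 12-byte NOP/NOP/Timestamps option block is assumed to be the layout that makes 20 + 32 = 52 line up.

```python
import struct

# Constructed TLS heartbeat record header: content type 0x18, version 3.x, 16-byte body.
HEARTBEAT_RECORD = b"\x18\x03\x02\x00\x10" + bytes(16)
# Constructed TLS application-data record (content type 0x17) for a negative check.
APPDATA_RECORD = b"\x17\x03\x02\x00\x10" + bytes(16)
# Assumed typical TCP option block: NOP, NOP, Timestamps (10 bytes) = 12 bytes, the
# layout under which 20 (IPv4 header) + 32 (TCP header) = 52, the offset in the rule.
TS_OPTIONS = b"\x01\x01\x08\x0a" + bytes(8)
# Four one-byte NOP IP options, padding the IPv4 header to 24 bytes.
IP_NOP_OPTIONS = b"\x01\x01\x01\x01"


def _tcp_header(tcp_options=b""):
    """TCP header to port 443 with PSH|ACK (constructed; checksum left at zero)."""
    data_off = 5 + len(tcp_options) // 4          # header length in 32-bit words
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 1,
                       data_off << 4, 0x18, 65535, 0, 0) + tcp_options


def build_ipv4_tcp(payload, ip_options=b"", tcp_options=b""):
    """IPv4 + TCP packet around `payload` (constructed sample, checksums zero)."""
    ihl = 5 + len(ip_options) // 4
    tcp = _tcp_header(tcp_options)
    total = ihl * 4 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + ip_options
    return ip + tcp + payload


def build_ipv6_tcp(payload, tcp_options=b""):
    """IPv6 + TCP packet; fixed 40-byte header, next header = 6 (TCP)."""
    tcp = _tcp_header(tcp_options)
    ip6 = struct.pack("!IHBB16s16s", 6 << 28, len(tcp) + len(payload), 6, 64,
                      bytes(15) + b"\x01", bytes(15) + b"\x02")
    return ip6 + tcp + payload


def fixed_offset_match(pkt, offset=52):
    """Mimic the u32 rule: big-endian 32-bit word at byte `offset` in 0x18030000..0x1803FFFF."""
    if len(pkt) < offset + 4:
        return False
    word = struct.unpack("!I", pkt[offset:offset + 4])[0]
    return 0x18030000 <= word <= 0x1803FFFF


def header_aware_match(pkt):
    """Find the TCP payload from the L3 header length and TCP data offset, then
    test whether it starts with a TLS heartbeat record (type 0x18, version 3.x).
    IPv6 extension headers are not walked (assumption: TCP follows directly)."""
    version = pkt[0] >> 4
    if version == 4:
        l3_len = (pkt[0] & 0x0F) * 4
        proto = pkt[9]
    elif version == 6:
        l3_len = 40
        proto = pkt[6]
    else:
        return False
    if proto != 6:                                 # not TCP
        return False
    if len(pkt) < l3_len + 20:
        return False
    data_off = (pkt[l3_len + 12] >> 4) * 4
    start = l3_len + data_off
    if len(pkt) < start + 2:
        return False
    return pkt[start] == 0x18 and pkt[start + 1] == 0x03


def compare():
    """Return {case: (fixed_offset_result, header_aware_result)} for the sample packets."""
    cases = {
        "ipv4_ts_opts": build_ipv4_tcp(HEARTBEAT_RECORD, tcp_options=TS_OPTIONS),
        "ipv4_no_opts": build_ipv4_tcp(HEARTBEAT_RECORD),
        "ipv4_ip_opts": build_ipv4_tcp(HEARTBEAT_RECORD, ip_options=IP_NOP_OPTIONS,
                                       tcp_options=TS_OPTIONS),
        "ipv6_ts_opts": build_ipv6_tcp(HEARTBEAT_RECORD, tcp_options=TS_OPTIONS),
        "ipv4_appdata": build_ipv4_tcp(APPDATA_RECORD, tcp_options=TS_OPTIONS),
    }
    return {name: (fixed_offset_match(p), header_aware_match(p)) for name, p in cases.items()}


if __name__ == "__main__":
    for name, (fixed, aware) in compare().items():
        print(f"{name:14s} fixed@52={fixed!s:5s} header-aware={aware}")
```

Only the first case (20-byte IPv4 header plus a 32-byte TCP header) satisfies the fixed offset; dropping the TCP options, adding IP options, or switching to IPv6 moves the record header off byte 52 and the rule misses it, while the header-aware check still finds the record in each case. The usual remedy on the iptables side is to compute the payload offset from IHL and the TCP data offset inside the u32 expression rather than hard-coding 52.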