CVE-2014-0160 mitigation using iptables
- Subject: CVE-2014-0160 mitigation using iptables
- From: nick at foobar.org (Nick Hilliard)
- Date: Thu, 10 Apr 2014 11:12:40 +0100
- In-reply-to: <[email protected]>
- References: <[email protected]>
On 09/04/2014 11:07, Fabien Bourdaire wrote:
> Following up on the CVE-2014-0160 vulnerability, heartbleed. We've
> created some iptables rules to block all heartbeat queries using the
> very powerful u32 module.
As someone pointed out on the UKNOF mailing list yesterday, you make a
number of assumptions in this ruleset which are not necessarily valid.
Please do not claim that this ruleset blocks all heartbeat queries because
it does not.
Nick