
CVE-2014-0160 mitigation using iptables
He was also proven wrong on the Full Disclosure list but he seems to be
pushing this everywhere he can find an audience for some reason. 

-----Original Message-----
From: Nick Hilliard [mailto:nick at foobar.org] 
Sent: Thursday, April 10, 2014 6:13 AM
To: Fabien Bourdaire; nanog at nanog.org
Subject: Re: CVE-2014-0160 mitigation using iptables

On 09/04/2014 11:07, Fabien Bourdaire wrote:
> Following up on the CVE-2014-0160 vulnerability, heartbleed. We've 
> created some iptables rules to block all heartbeat queries using the 
> very powerful u32 module.

As someone pointed out on the UKNOF mailing list yesterday, you make a
number of assumptions in this ruleset which are not necessarily valid.

Please do not claim that this ruleset blocks all heartbeat queries
because it does not.

Nick
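The ruleset itself is not reproduced on this page, so the following is an added example (not Fabien's rules and not anything from Nick's reply) that illustrates the kind of assumption Nick is talking about. It assumes, as a hypothetical, a u32-style rule that inspects the first byte of the TCP payload for the TLS heartbeat content type (0x18, RFC 6520). TLS records are only guaranteed to start at record boundaries, not at segment boundaries, so a second record coalesced behind an application-data record in the same segment is invisible to a byte-0 check. The `walk_records` function shows the check a defender actually needs, which follows record headers through the payload; the `tls_record` helper and the sample segments are constructed for the example.

```python
"""
Added example: why a fixed-offset match on the first byte of a TCP payload
does not see every TLS heartbeat record, and a record-walking check that does.
Not part of the original thread; all sample data below is constructed.
"""
import struct

# TLS record content types (RFC 5246 / RFC 6520)
TLS_HANDSHAKE = 0x16
TLS_APPDATA = 0x17
TLS_HEARTBEAT = 0x18
TLS_MAJOR = 3  # every SSLv3/TLS record header carries major version 3


def tls_record(content_type, body, version=0x0303):
    """Build one TLS record: type(1) version(2) length(2) body."""
    return struct.pack("!BHH", content_type, version, len(body)) + body


def fixed_offset_is_heartbeat(payload):
    """Hypothetical fixed-offset check, the assumption under discussion:
    it only ever looks at byte 0 of the segment payload, so it is blind to
    any heartbeat record that does not start the segment."""
    return len(payload) >= 5 and payload[0] == TLS_HEARTBEAT


def walk_records(payload):
    """Yield (content_type, body, complete) for each record header found at
    record boundaries. 'complete' is False when the record's declared length
    runs past the end of this segment (record split across segments)."""
    off = 0
    while off + 5 <= len(payload):
        ctype, version, length = struct.unpack("!BHH", payload[off:off + 5])
        if (version >> 8) != TLS_MAJOR:
            break  # not a TLS record header; stop rather than guess
        body = payload[off + 5:off + 5 + length]
        yield ctype, body, len(body) == length
        off += 5 + length


def any_heartbeat(payload):
    """Record-walking check: true if any record in the segment is a heartbeat,
    including one that is truncated at the segment end."""
    return any(ct == TLS_HEARTBEAT for ct, _, _ in walk_records(payload))


# Constructed sample segments (benign, length-consistent heartbeat request:
# type=1 request, payload_length=3, payload "abc").
HB = tls_record(TLS_HEARTBEAT, b"\x01\x00\x03abc")
SEG_FIRST = HB                                        # heartbeat starts the segment
SEG_COALESCED = tls_record(TLS_APPDATA, b"hello") + HB  # app data first, then heartbeat
SEG_SPLIT = HB[:7]                                    # header plus 2 body bytes; rest in next segment

if __name__ == "__main__":
    for name, seg in (("first", SEG_FIRST), ("coalesced", SEG_COALESCED), ("split", SEG_SPLIT)):
        print(f"{name:10s} byte0-check={fixed_offset_is_heartbeat(seg)!s:5s} "
              f"walk-check={any_heartbeat(seg)}")
```

Running it prints one line per constructed segment; only the walking check flags the coalesced case, which is the concrete sense in which a byte-0 rule does not match all heartbeat records. Even the walking check is per-segment: a heartbeat whose header itself lands in a later segment needs stream reassembly, which packet-level matching in iptables cannot do.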