[Snort-users] Alerts were Generated on my Snort IDS box for the Heartbleed Vulnerability

Teo En Ming teo.en.ming at ...11827...
Mon Apr 14 03:23:37 EDT 2014


I have updated openssl on my CentOS 6.5 x86_64 virtual machine.

But as I don't have a Red Hat Network subscription, I can't update openssl
on my RHEL 7 Beta virtual machine. I also cannot download
openssl-1.0.1e-34.el7.x86_64.rpm anywhere else.

What should I do about openssl on my RHEL 7 Beta virtual machine?

Thank you very much.

Teo En Ming


On Mon, Apr 14, 2014 at 7:08 AM, Joel Esler (jesler) <jesler at ...589...> wrote:

> Patch OpenSSL.
>
> --
> Joel Esler
> Sent from my iPhone
>
> On Apr 13, 2014, at 15:11, "Teo En Ming" <teo.en.ming at ...11827...> wrote:
>
> Hi,
>
> I went to the following mcafee.com site to check my website for the
> heartbleed vulnerability.
>
> http://tif.mcafee.com/heartbleedtest
>
> Snort rules which detect the heartbleed vulnerability were fired. These
> snort rules come from the Snort community rules which I added a short while
> ago.
>
> The Snort alerts which are generated for the heartbleed vulnerability are
> as follows:
>
> 04/14-02:54:29.148070  [**] [1:30524:1] SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443
> 04/14-02:54:29.148663  [**] [1:30516:6] SERVER-OTHER TLSv1.1 large heartbeat response - possible ssl heartbleed attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.146:443 -> 161.69.31.4:50847
> 04/14-02:54:29.354600  [**] [1:30524:1] SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443
> 04/14-02:54:29.354600  [**] [1:30512:5] SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443
>
> What are the remedial steps to fix the heartbleed vulnerability on my web
> server?
>
> Thank you very much.
>
> Teo En Ming
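
One way to triage the alerts quoted in this message, added here as an example and not part of the original thread or of Snort itself: it parses the fast-format alert lines and pairs inbound "heartbeat read overrun attempt" alerts with an outbound "large heartbeat response" on the same TCP flow. The function names and the "answered" / "attempt-only" labels are assumptions of this example, as is the heuristic that a large response on the same flow means the server replied to the oversized request.

```python
import re
from collections import defaultdict

# The four alerts from the message above, one per line.
ALERTS = """\
04/14-02:54:29.148070  [**] [1:30524:1] SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443
04/14-02:54:29.148663  [**] [1:30516:6] SERVER-OTHER TLSv1.1 large heartbeat response - possible ssl heartbleed attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.146:443 -> 161.69.31.4:50847
04/14-02:54:29.354600  [**] [1:30524:1] SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443
04/14-02:54:29.354600  [**] [1:30512:5] SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$")


def parse_alerts(text):
    """Parse Snort fast-format alert lines into dicts; skip non-matching lines."""
    return [m.groupdict() for m in map(ALERT_RE.match, text.splitlines()) if m]


def classify(counts):
    """Label one flow from its request/response alert counts (example labels)."""
    if counts["request"] and counts["response"]:
        return "answered"        # server sent a large heartbeat back: treat as vulnerable
    return "attempt-only" if counts["request"] else "response-only"


def triage(alerts):
    """Group heartbeat alerts per TCP flow, keyed as 'client -> server'."""
    flows = defaultdict(lambda: {"request": 0, "response": 0})
    for a in alerts:
        src = f"{a['src']}:{a['sport']}"
        dst = f"{a['dst']}:{a['dport']}"
        if "heartbeat read overrun attempt" in a["msg"]:
            flows[f"{src} -> {dst}"]["request"] += 1    # client to server
        elif "large heartbeat response" in a["msg"]:
            flows[f"{dst} -> {src}"]["response"] += 1   # server to client, key flipped
    return {flow: classify(counts) for flow, counts in flows.items()}


if __name__ == "__main__":
    for flow, verdict in triage(parse_alerts(ALERTS)).items():
        print(flow, verdict)
```

A flow labelled "answered" is the one to prioritise: after patching OpenSSL and restarting the services that use it, re-running the same test should leave at most "attempt-only" flows.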

