Project

General

Profile

Actions
Copy link

Feature #1173

closed

tls: OpenSSL heartbleed detection

Added by Victor Julien about 10 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Pierre Chifflier
Target version:
2.0.1rc1
Effort:
Difficulty:
Label:

Description

Merged through https://github.com/inliniac/suricata/pull/924

Actions
Copy link
 #1

Updated by Victor Julien about 10 years ago

To test this, check out the git master and add these 2 rules:

alert tls any any -> any any (msg:"SURICATA TLS overflow heartbeat encountered, possible exploit attempt (heartbleed)"; flow:established; app-layer-event:tls.overflow_heartbeat_message; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; reference:cve,2014-0160; sid:2230012; rev:1;)
alert tls any any -> any any (msg:"SURICATA TLS invalid heartbeat encountered, possible exploit attempt (heartbleed)"; flow:established; app-layer-event:tls.invalid_heartbeat_message; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; reference:cve,2014-0160; sid:2230013; rev:1;)

Actions
Copy link

Also available in: Atom PDF