Actions
Feature #1173
closed
VJ
PC
tls: OpenSSL heartbleed detection
Feature #1173:
tls: OpenSSL heartbleed detection
Effort:
Difficulty:
Label:
Actions
Added by Victor Julien about 12 years ago. Updated about 12 years ago.
To test this, check out the git master and add these 2 rules:
alert tls any any -> any any (msg:"SURICATA TLS overflow heartbeat encountered, possible exploit attempt (heartbleed)"; flow:established; app-layer-event:tls.overflow_heartbeat_message; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; reference:cve,2014-0160; sid:2230012; rev:1;) alert tls any any -> any any (msg:"SURICATA TLS invalid heartbeat encountered, possible exploit attempt (heartbleed)"; flow:established; app-layer-event:tls.invalid_heartbeat_message; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; reference:cve,2014-0160; sid:2230013; rev:1;)