Re: Alerts were Generated on my Snort IDS box for the Heartbleed Vulnerability

[Teo En Ming <teo.en.ming () gmail com>]

I have updated openssl on my CentOS 6.5 x86_64 virtual machine.

But as I don't have a Red Hat Network subscription, I can't update openssl
on my RHEL 7 Beta virtual machine. I also cannot download
openssl-1.0.1e-34.el7.x86_64.rpm anywhere else.

What should I do about openssl on my RHEL 7 Beta virtual machine?

Thank you very much.

Teo En Ming


On Mon, Apr 14, 2014 at 7:08 AM, Joel Esler (jesler) <jesler () cisco com>wrote:

> Patch OpenSSL.
>
> --
> Joel Esler
> Sent from my iPhone
>
> On Apr 13, 2014, at 15:11, "Teo En Ming" <teo.en.ming () gmail com> wrote:
>
> Hi,
>
> I went to the following mcafee.com site to check my website for the
> heartbleed vulnerability.
>
> http://tif.mcafee.com/heartbleedtest
>
> Snort rules which detect the heartbleed vulnerability were fired. These
> snort rules come from the Snort community rules which I added a short while
> ago.
>
> The Snort alerts which are generated for the heartbleed vulnerability are
> as follows:
>
> 04/14-02:54:29.148070  [**] [1:30524:1] SERVER-OTHER OpenSSL TLSv1.1
> heartbeat read overrun attempt [**] [Classification: Attempted Information
> Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443
> 04/14-02:54:29.148663  [**] [1:30516:6] SERVER-OTHER TLSv1.1 large
> heartbeat response - possible ssl heartbleed attempt [**] [Classification:
> Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.146:443 ->
> 161.69.31.4:50847
> 04/14-02:54:29.354600  [**] [1:30524:1] SERVER-OTHER OpenSSL TLSv1.1
> heartbeat read overrun attempt [**] [Classification: Attempted Information
> Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443
> 04/14-02:54:29.354600  [**] [1:30512:5] SERVER-OTHER OpenSSL TLSv1.1
> heartbeat read overrun attempt [**] [Classification: Attempted Information
> Leak] [Priority: 2] {TCP} 161.69.31.4:50847 -> 192.168.1.146:443
>
> What are the remedial steps to fix the heartbleed vulnerability on my web
> server?
>
> Thank you very much.
>
> Teo En Ming
>
>
>
> ------------------------------------------------------------------------------
> Put Bad Developers to Shame
> Dominate Development with Jenkins Continuous Integration
> Continuously Automate Build, Test & Deployment
> Start a new project now. Try Jenkins in the cloud.
> http://p.sf.net/sfu/13600_Cloudbees
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!