[Bro] Detecting heartbleed activity

Seth Hall seth at icir.org
Thu Apr 10 06:01:42 PDT 2014

On Apr 10, 2014, at 8:37 AM, M K <mkhan04 at gmail.com> wrote:

> I'm not sure you can come up with a reliable and simple means of finding it through the information in the connection log.

You’re correct, I don’t believe that the attack is apparent in any Bro logs in our releases.  The only way at the moment to detect heartbleed with Bro is to use Bernhard’s branch (although I’d love to be proven wrong if someone figures out a way to catch it!)


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
