[Bro] Detecting heartbleed activity
seth at icir.org
Thu Apr 10 06:01:42 PDT 2014
On Apr 10, 2014, at 8:37 AM, M K <mkhan04 at gmail.com> wrote:
> I'm not sure you can come up with a reliable and simple means of finding it through the information in the connection log.
You’re correct, I don’t believe that the attack is apparent in any Bro logs in our releases. The only way at the moment to detect heartbleed with Bro is to use Bernhard’s branch (although I’d love to be proven wrong if someone figures out a way to catch it!)
International Computer Science Institute
(Bro) because everyone has a network