[Bro] Detecting heartbleed activity

sangdrax8 sangdrax8 at gmail.com
Mon Apr 21 07:32:10 PDT 2014


I have pulled the latest branch, installed and pushed to my hosts.  I
loaded the heartbleed as indicated, then I am testing with the
following site (https://filippo.io/Heartbleed/) so I can try and cause
a notice.  After running the attack,  I can't seem to get a notice
log.

So I figure either the attack generated by this site doesn't trigger
the script to insert a log, or I have something not configured right
still.  Is there some way I can check to see that I am in fact on this
branch on all my nodes?  Is there a specific version number or
something I can verify?

I can see the file in place, and the load statement in my local.bro,
so not really sure what else to check.  Any assistance would be much
appreciated.



On Mon, Apr 21, 2014 at 8:43 AM, Bernhard Amann
<bernhard at icsi.berkeley.edu> wrote:
>
> On Apr 21, 2014, at 5:33 AM, sangdrax8 <sangdrax8 at gmail.com> wrote:
>
>> It appears that the master branch was merged into this heartbeat
>> branch.  Does this by chance include the memleak-fix merge you
>> mentioned?  Is this possibly a test before merging these changes into
>> master itself?
>
> It does include the memory leak fixes that were mentioned, if you update
> the branch to the current state these are included.
>
>> Also, it has been a while since I did my install, and I can't recall.
>> If I do this on my master, then run the broctrl install, does it push
>> the new install to all the nodes?  I know the configurations get
>> pushed out, but I can't recall if the entire install is pushed, or
>> just configuration files.
>
> The entire installation is pushed out.
>
>> Thank you!
>
> You are welcome,
>  Bernhard


