Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Heartbleed again??

    Scheduled Pinned Locked Moved
    Firewalling
    2
    2
    205
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JonathanLeeJ
      JonathanLee
      last edited by JonathanLee

      Screenshot 2024-03-11 at 13.38.34.png

      Hello fellow Netgate community members,

      I thought we took care of this exploit years ago, even within Polycom teleconference equipment, how was this being attempted again. I wonder if this is a false positive or a real exploit being attempted. I remember when I was still in the field this was an emergency fix everything now bug, and there is not many like that. A drop everything fix it, and patch it bug.

      Has anyone else see this signature being detected again?

      ET EXPLOIT Possible OpenSSL HeartBleed Large HeartBeat Response from Common SSL Port (Outbound from Client)

      I am glad I have official Snort subscriber rules this would have made me have a bad day.

      Make sure to upvote

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @JonathanLee
        last edited by

        @JonathanLee I doubt it’s a false positive, but rather a bot that’s just trying to find an unpatched server by trying all IPs. It doesn’t mean it will work.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 2
        • First post
          Last post