Welcome! Log In Create A New Profile

Advanced

Re: RE: OpenSSL leaks server-Keys / The Heartbleed Bug

April 14, 2014 03:03PM
Fyi. if you are running a ssl tunnel like stunnel with openssl 0.9.x, this attack is logged as "SSL3_GET_RECORD:wrong version number" as opposed to no nginx/openssl logging.

If you have logging going back 2 years and you are seeing these log entries now, you may be able to detect attacks from before 7-4-2014.

Here we have many stunnels with openssl 0.9.x and found the first attacks at: 2014.04.08 22:19:14 (CET) in more then 2 years of logging.

---
nginx for Windows http://nginx-win.ecsds.eu/
Subject Author Posted

OpenSSL leaks server-Keys / The Heartbleed Bug

mex April 08, 2014 06:50AM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

mex April 08, 2014 06:18PM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

Raul Hugo April 08, 2014 06:24PM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

B.R. April 08, 2014 07:02PM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

Maxim Konovalov April 09, 2014 05:24AM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

mex April 09, 2014 02:47PM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

Valentin V. Bartenev April 11, 2014 12:12PM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

Jim Ohlstein April 11, 2014 12:36PM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

Philipp April 11, 2014 12:42PM

RE: OpenSSL leaks server-Keys / The Heartbleed Bug

Lukas Tribus April 12, 2014 07:16AM

Re: RE: OpenSSL leaks server-Keys / The Heartbleed Bug

itpp2012 April 14, 2014 03:03PM

Re: RE: OpenSSL leaks server-Keys / The Heartbleed Bug

Maxim Dounin April 15, 2014 07:44AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 190
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready