Welcome! Log In Create A New Profile

Advanced

Re: RE: OpenSSL leaks server-Keys / The Heartbleed Bug

Maxim Dounin
April 15, 2014 07:44AM
Hello!

On Mon, Apr 14, 2014 at 03:03:54PM -0400, itpp2012 wrote:

> Fyi. if you are running a ssl tunnel like stunnel with openssl 0.9.x, this
> attack is logged as "SSL3_GET_RECORD:wrong version number" as opposed to no
> nginx/openssl logging.
>
> If you have logging going back 2 years and you are seeing these log entries
> now, you may be able to detect attacks from before 7-4-2014.
>
> Here we have many stunnels with openssl 0.9.x and found the first attacks
> at: 2014.04.08 22:19:14 (CET) in more then 2 years of logging.

I suspect that this is just a particular script to exploit the
vulnerability, which doesn't care much about being correct and
is seen this way due to incorrect handshake. Proper exploitation
shouldn't be detectable this way.

And yes, it's seen on more or less any 0.9.x OpenSSL
installation, including nginx:

2014/04/15 04:02:57 [info] 48738#0: *2785200 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number) while SSL handshaking, client: 182.118.48.115, server: 0.0.0.0:443

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

OpenSSL leaks server-Keys / The Heartbleed Bug

mex April 08, 2014 06:50AM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

mex April 08, 2014 06:18PM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

Raul Hugo April 08, 2014 06:24PM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

B.R. April 08, 2014 07:02PM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

Maxim Konovalov April 09, 2014 05:24AM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

mex April 09, 2014 02:47PM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

Valentin V. Bartenev April 11, 2014 12:12PM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

Jim Ohlstein April 11, 2014 12:36PM

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

Philipp April 11, 2014 12:42PM

RE: OpenSSL leaks server-Keys / The Heartbleed Bug

Lukas Tribus April 12, 2014 07:16AM

Re: RE: OpenSSL leaks server-Keys / The Heartbleed Bug

itpp2012 April 14, 2014 03:03PM

Re: RE: OpenSSL leaks server-Keys / The Heartbleed Bug

Maxim Dounin April 15, 2014 07:44AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 172
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready