Commit Graph

6 Commits (923341fa058388275aad7399952c40d2ab2fc884)

Author SHA1 Message Date
Victor Julien db563ed4b0 tls: check SSL3/TLS version per record
Set event if SSL3/TLS record isn't within the acceptable range.
12 years ago
Victor Julien c5f43785f1 tls/heartbleed: add rule for invalid encrypted hb
Add rule to tls-events.rules to match on the invalid encrypted
heartbeat.
12 years ago
Pierre Chifflier d476c654ee TLS: add detection for malicious heartbeats (AKA heartbleed)
The OpenSSL implementation of RFC 6520 (Heartbeat extension) does not
check the payload length correctly, resulting in a copy of at most 64k
of memory from the server (ref: CVE-2014-0160).
This patch adds support for decoding heartbeat messages (if not
encrypted), and checking several parts (type, length and padding).
When an anomaly is detected, a TLS event is raised.
12 years ago
Anoop Saldanha cd7f0273a2 Add decoder event rule for tls event "invalid_ssl_record", which will now be available as "app-layer-event:tls.invalid_ssl_record".
12 years ago
Victor Julien e3764b90c3 tls: debug compilation fixes, new tls decoder rule for tls.error_message_encountered event.
14 years ago
Victor Julien e624c56c83 Add TLS decoder event rule file.
14 years ago