Using `iptables` to mitigate the Heartbleed Attack (CVE-2014-0160)


Below is a rule that was published to mitigate the Heartbleed attack using `iptables`:

iptables -t filter -A INPUT -p tcp --dport 443 -m u32 --u32 "52=0x18030000:0x1803FFFF" -j DROP

 

The rule was used to mitigate the popular vulnerability CVE-2014-0160. It DROPs (blocks) all heartbeat queries and handshakes using the `u32` module, a powerful module that extracts 4 bytes of data from the packet, at the provided offset from the start of the IP header, and then matches them against the given hex range.
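An added example (not part of the original page or of the published rule) that emulates the `u32` match in Python over constructed packets, to show what the hex range decodes to and where offset 52 falls for different header lengths. The helper names, addresses and sample payloads are assumptions made for the illustration.

```python
import struct

# Values copied from the rule: --u32 "52=0x18030000:0x1803FFFF"
OFFSET, LOW, HIGH = 52, 0x18030000, 0x1803FFFF
# Decoded: 0x18 = TLS record type 24 (heartbeat), 0x03 = protocol major version,
# last two bytes (0x0000-0xFFFF) = any minor version and any first length byte.

def u32_match(packet: bytes) -> bool:
    """Emulate the match: 4 big-endian bytes at OFFSET from the IP header start."""
    if len(packet) < OFFSET + 4:
        return False  # the 4 bytes are not there, so the rule cannot match
    (value,) = struct.unpack_from("!I", packet, OFFSET)
    return LOW <= value <= HIGH

def payload_offset(packet: bytes) -> int:
    """Real start of the TCP payload: IPv4 IHL*4 + TCP data offset*4."""
    ihl = (packet[0] & 0x0F) * 4
    return ihl + (packet[ihl + 12] >> 4) * 4

def build_packet(tcp_options: bytes, payload: bytes) -> bytes:
    """Constructed IPv4/TCP packet to port 443 (checksums zero, documentation IPs)."""
    tcp_len = 20 + len(tcp_options)
    total = 20 + tcp_len + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 1,
                      (tcp_len // 4) << 4, 0x18, 65535, 0, 0)
    return ip + tcp + tcp_options + payload

# Constructed sample data (record headers followed by zero bytes, no real TLS content)
TIMESTAMPS = b"\x01\x01\x08\x0a" + bytes(8)      # NOP, NOP, timestamp option: 12 bytes
HEARTBEAT = b"\x18\x03\x02\x00\x10" + bytes(16)  # record type 0x18, version 3.2
APP_DATA = b"\x17\x03\x03\x00\x10" + bytes(16)   # record type 0x17 (application data)

SAMPLES = {
    "heartbeat, 32-byte TCP header": build_packet(TIMESTAMPS, HEARTBEAT),
    "app data, 32-byte TCP header": build_packet(TIMESTAMPS, APP_DATA),
    "heartbeat, 20-byte TCP header": build_packet(b"", HEARTBEAT),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: payload at {payload_offset(pkt)}, rule matches: {u32_match(pkt)}")
```

The third sample shows the coverage limit of a fixed offset: offset 52 points at the TLS record header only when a 20-byte IPv4 header is followed by a 32-byte TCP header, so check the header lengths your clients actually send before relying on the rule.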

 

Learn more about the Heartbleed attack:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
https://www.cisa.gov/uscert/ncas/alerts/TA14-098A
https://www.oracle.com/security-alerts/opensslheartbleedcve-2014-0160.html

 
