Nessus released a plug-in today to test for it.
https://discussions.nessus.org/thread/7274

________________________________________
From: [email protected] on behalf of Ziots, Edward
Sent: Wednesday, April 09, 2014 2:56 PM
To: [email protected]
Subject: RE: [NTSysADM] Heartbleed vulnerability

You can also use the external site to check your external facing systems.

http://filippo.io/Heartbleed/

Z

Edward E. Ziots, CISSP, CISA, CRISC, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]
Work:401-255-2497

This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you.

From: [email protected] On Behalf Of Ziots, Edward
Sent: Wednesday, April 09, 2014 2:31 PM
To: [email protected]
Subject: RE: [NTSysADM] Heartbleed vulnerability

If you are having problems in Windows with the download of the file, I did the following to work with it in 6.40.

I used the wget command on Unix to download the file, and then used WINSCP to move it over to windows and then dumped it in the scripts directory. The file downloaded from Unix was smaller, so I think it gets horked when you do a rename from .txt to .nse.

Z

From: [email protected] On Behalf Of Kurt Buff
Sent: Wednesday, April 09, 2014 2:23 PM
To: [email protected]
Subject: Re: [NTSysADM] Heartbleed vulnerability

I'm running 6.40 - pretty close to current. There might be issues running it against subnets larger than /24 - I'm looking over that now.

Kurt

On Wed, Apr 9, 2014 at 11:13 AM, Joe Matuscak <[email protected]> wrote:

What version of nmap are you using? I'm trying 5.51 on CentOS 6.5 and after pulling down a bunch of nmap libraries, it's failing with an "attempt to call field 'module' (a nil value)" error.

________________________________

https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse

Just copied it to the scripts directory, and am, per the comments, running

nmap -p 443 --script ssl-heartbleed <target>

Kurt

On Wed, Apr 9, 2014 at 10:30 AM, Ziots, Edward <[email protected]> wrote:

Where did you get the script from, please share…. Need it for my scans also.

Z

From: [email protected] On Behalf Of Kurt Buff
Sent: Wednesday, April 09, 2014 1:23 PM
To: [email protected]
Subject: Re: [NTSysADM] Heartbleed vulnerability

Yup. Found the script, installed it, and am scanning now. Found an appliance that's vulnerable already, and have contacted the vendor, and they say they'll get back to me, as engineering is still evaluating.

Kurt

On Wed, Apr 9, 2014 at 10:14 AM, Ziots, Edward <[email protected]> wrote:

http://isc.sans.edu/diary/Heartbleed+vendor+notifications/17929

Looks like there might be a NMAP script out for the vulnerability also per the ISC sites

Z

From: [email protected] On Behalf Of Kurt Buff
Sent: Wednesday, April 09, 2014 12:45 PM
To: [email protected]
Subject: Re: [NTSysADM] Heartbleed vulnerability

Don't know, but it might be worthwhile checking on any equipment with a web server, including: switches, routers, ILO/DRAC, ESX/ESXi, web filters, spam filters, firewalls, SSL VPN appliances, 3rd party computer management software (Dell server administrator software, etc.).

That's just off the top of my head...

I'm looking for a script to run against my internal infrastructure - anyone know of one?

Kurt

On Wed, Apr 9, 2014 at 7:49 AM, David Lum <[email protected]> wrote:

From: David Lum
Sent: Wednesday, April 09, 2014 7:43 AM
To: [email protected]
Subject: Heartbleed vulnerability

Are many of you guys affected by this?

https://isc.sans.edu/forums/diary/Patch+Now+OpenSSL+Heartbleed+Vulnerability/17921

Most likely vectors are apparently Linux-based appliances.

David Lum
Network System Admin, Information Services
office 503-265-4728 | modahealth.com

I’m excited to announce that ODS Health is now Moda Health. Please make a note of my new email address, [email protected], so we can stay connected.

This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message.
If you have received this message in error, please immediately advise the sender by reply email and delete the message.

--
Thanks,

Joe Matuscak | Director of Technology
Rohrer Corporation | Office: 330-335-1541
717 Seville Road | Wadsworth, Ohio 44281
www.rohrer.com | A Better Package

