heartbleed patterns ?
mike tancsa
mike at sentex.ca
Sun Apr 13 07:14:10 EDT 2014
On 4/13/2014 7:06 AM, el draco wrote:
>
> Based on Carter's and John's presentation "PCR - A New Flow Metric", I
> can see that a lot of traffic has these peaks near -1 and 0 values, so
> maybe it is not easy to differentiate the attack.
> And of course, this data was obtained by looping the attack for
> several minutes. If there are only a few requests, they may not be easy to
> detect.
Thankfully, it took quite a few requests (at least in this instance) to get to
the point where the private key was recovered:
http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed
It's not clear, however, if a busy server makes it easier or harder. I
suspect with a busy server, like a mail or imap server, you will see
more usernames and passwords.
---Mike