Jump to content


Photo
- - - - -

Anyone honeypotting the Heartbleed OpenSSL vuln?


  • Please log in to reply
3 replies to this topic

#1 systems_glitch

systems_glitch

    Dangerous free thinker

  • Moderating Team
  • 1,669 posts
  • Gender:Male

Posted 08 April 2014 - 08:16 AM

http://www.heartbleed.com/

 

Get to patch a bunch of boxes and determine if RVM has used its own local copy of a vulnerable release today. Is anyone honeypotting for the attack? There have been a few calls for hackers to honeypot/monitor/record to try and determine if this is in the wild.



#2 systems_glitch

systems_glitch

    Dangerous free thinker

  • Moderating Team
  • 1,669 posts
  • Gender:Male

Posted 08 April 2014 - 08:27 AM

In case there's doubts about severity: https://twitter.com/...510021930680320



#3 systems_glitch

systems_glitch

    Dangerous free thinker

  • Moderating Team
  • 1,669 posts
  • Gender:Male

Posted 08 April 2014 - 08:59 AM

Modified the multi-site scanner to hit a single host:

 

https://github.com/c...ster/ssltest.py



#4 systems_glitch

systems_glitch

    Dangerous free thinker

  • Moderating Team
  • 1,669 posts
  • Gender:Male

Posted 08 April 2014 - 07:30 PM

Quick and dirty Perl honeypot script:

 

https://github.com/c.../hb_honeypot.pl

 

Responds to all requests with seriously bogus SSL responses, but it's enough to make the Python demo scanner happy. Doesn't crash or log when hit by a browser or portscan. First honeypot script I've written myself :D






BinRev is hosted by the great people at Lunarpages!