He was also proven wrong on the Full Disclosure list but he seems to be pushing this everywhere he can find an audience for some reason.
-----Original Message----- From: Nick Hilliard [mailto:n...@foobar.org] Sent: Thursday, April 10, 2014 6:13 AM To: Fabien Bourdaire; nanog@nanog.org Subject: Re: CVE-2014-0160 mitigation using iptables On 09/04/2014 11:07, Fabien Bourdaire wrote: > Following up on the CVE-2014-0160 vulnerability, heartbleed. We've > created some iptables rules to block all heartbeat queries using the > very powerful u32 module. as someone pointed out on the UKNOF mailing list yesterday, you make a number of assumptions in this ruleset which are not necessarily valid. Please do not claim that this ruleset blocks all heartbeat queries because it does not. Nick
