Can anyone disclose if and which Adtran Netvanta products are affected by Heartbleed?
I would like to prepare for when our customers start calling.
You can find out more information in regards to Adtran products affected by heartbleed through the recent ADTRAN Heartbleed Advisory.
General security advisories are also posted on our support community in the section.
You can test for this yourself, nothing here the bad guys don't already have:
TCP Filter data needed to spot heartbleed:
Detect successful #heartbleed attacks with tshark:
tshark -i eth0 -R "ssl.record.content_type eq 24 and not ssl.heartbeat_message.type"
SNORT rules necessary to spot heartbleed:
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
NMAP NSE Script/Thread for mass scanning/detecting:
http://seclists.org/nmap-dev/2014/q2/22
Metasploit Module for it:
github.com/rapid7/metasploit-framework/pull/3206/files
Manual tool for validating:
http://gobuild.io/download/github.com/titanous/heartbleeder
Python based mass scanning tool:
More general info here: Heartbleed Bug
Thanks for that variety of tools, jayh! We used the NMAP script to confirm that vWLAN ver 2.4.0.12 is vulnerable. AOS-based products appear to be fine. Just checked my email alert subscription for Bluesocket firmware updates! I'm not sure about UC/voice products or any other of ADTRAN's many lines.
Perhaps it would be safest to block TCP 443 from the outside if you run vWLAN until it's patched. Management would be isolated to administrators local to the controller to mitigate the issue in the short term.
CJ
You can find out more information in regards to Adtran products affected by heartbleed through the recent ADTRAN Heartbleed Advisory.
General security advisories are also posted on our support community in the section.