(Vi) (Draft) POODLE Exploiting The SSL 3.0 Fallback
Posted on January 26, 2023
by lk
Overview
If, by chance, the server log contains a line like the following:
172.104.11.34 - - [25/Jan/2023:22:09:51 +0700] "\x16\x03\x01\x00\x85\x01\x00\x00\x81\x03\x03\xEF\x9E\xE6\xA3\xE4\x7FH`\xC6\xA0\xFC\xCB{]\x16\xD6\x91\x8B\x97\xC3\x99\xAA\x08\xE2\xAC*H,7\x8AJ\x82\x00\x00 \xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x13\xC0\x09\xC0\x14\xC0" 400 157 "-" "-" "-"
then the server may be being probed for a POODLE-style attack. The best course, per the advisories, is not to use SSL 3.0 at all (disable it).
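To make that judgement from the log rather than from a guess, the escaped request field can be decoded and parsed as a TLS record. The script below is an added example (not code from the original post or from any of the referenced projects); it reverses the \xNN escaping the web server applied, parses the TLS record header and the start of the ClientHello, and reports the protocol versions the client offered. A ClientHello that offers SSL 3.0 carries 0x0300 in the record-layer version or the client_version field, which is the condition this example flags. SAMPLE_LOG is a constructed copy of the line above; the regular expression assumes the common nginx/Apache combined log layout.

```python
"""Decode a TLS handshake record logged as an HTTP request line and report
the protocol versions it advertises (added example, not part of the post)."""
import re
from typing import Optional

# Constructed copy of the log line quoted in the post. The web server truncated
# the request, so the cipher-suite list is cut off part-way, as in the original.
SAMPLE_LOG = r'172.104.11.34 - - [25/Jan/2023:22:09:51 +0700] "\x16\x03\x01\x00\x85\x01\x00\x00\x81\x03\x03\xEF\x9E\xE6\xA3\xE4\x7FH`\xC6\xA0\xFC\xCB{]\x16\xD6\x91\x8B\x97\xC3\x99\xAA\x08\xE2\xAC*H,7\x8AJ\x82\x00\x00 \xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x13\xC0\x09\xC0\x14\xC0" 400 157 "-" "-" "-"'

# Assumed log layout: remote_addr - remote_user [time] "request" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*?)" (\d{3}) ')

TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}


def unescape_request(field: str) -> bytes:
    """Reverse the \\xNN (and \\" / \\\\) escaping applied to non-printable
    request bytes before they were written to the access log."""
    out = bytearray()
    i = 0
    while i < len(field):
        if field[i] == "\\" and i + 3 < len(field) and field[i + 1] == "x":
            out.append(int(field[i + 2:i + 4], 16))
            i += 4
        elif field[i] == "\\" and i + 1 < len(field) and field[i + 1] in '\\"':
            out.append(ord(field[i + 1]))
            i += 2
        else:
            out.append(ord(field[i]))
            i += 1
    return bytes(out)


def parse_client_hello(data: bytes) -> Optional[dict]:
    """Parse the start of a TLS record; return None unless it is a ClientHello.

    Layout: record type(1) version(2) length(2) | handshake type(1) length(3)
            client_version(2) random(32) session_id_len(1) session_id
            cipher_suites_len(2) cipher_suites ...
    """
    if len(data) < 11 or data[0] != 0x16 or data[5] != 0x01:
        return None
    record_version = int.from_bytes(data[1:3], "big")
    hello_version = int.from_bytes(data[9:11], "big")
    suites, truncated = [], True
    if len(data) > 43:                      # random occupies bytes 11..42
        pos = 44 + data[43]                 # skip the session id
        if len(data) >= pos + 2:
            suites_len = int.from_bytes(data[pos:pos + 2], "big")
            raw = data[pos + 2:pos + 2 + suites_len]
            truncated = len(raw) < suites_len
            suites = [int.from_bytes(raw[i:i + 2], "big")
                      for i in range(0, len(raw) - 1, 2)]
    return {
        "record_version": TLS_VERSIONS.get(record_version, hex(record_version)),
        "hello_version": TLS_VERSIONS.get(hello_version, hex(hello_version)),
        # POODLE requires SSL 3.0: flag a hello that offers it in either field.
        "sslv3": 0x0300 in (record_version, hello_version),
        "cipher_suites": suites,
        "truncated": truncated,
    }


def analyze_log_line(line: str) -> Optional[dict]:
    """Return client, status and decoded ClientHello fields for one log line,
    or None when the request field is not a TLS handshake record."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hello = parse_client_hello(unescape_request(m.group(3)))
    if hello is None:
        return None
    return {"client_ip": m.group(1), "time": m.group(2),
            "status": int(m.group(4)), **hello}


if __name__ == "__main__":
    print(analyze_log_line(SAMPLE_LOG))
```

Run against the line from the post, the decoder reports a record-layer version of TLS 1.0 and a client_version of TLS 1.2, with nine cipher suites visible before the truncation. So this particular line is a TLS ClientHello that was sent to the plaintext HTTP listener (hence the 400), not by itself an SSL 3.0 handshake; an SSL 3.0 probe would show "SSL 3.0" in one of the two version fields. Either way, the remediation in the post stands: disable SSL 3.0 on the server, and confirm it with a scanner such as the sslyze project listed in the references.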
Refs:
- https://bountify.co/hacking-attempts-detected-in-access-log-need-help-decrypting
- https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
- https://www.openssl.org/~bodo/ssl-poodle.pdf
- https://github.com/emintham/Papers/blob/master/Duong%2CRizzo-%20Here%20Come%20the%20XOR%20Ninjas.pdf
- https://github.com/nabla-c0d3/sslyze