I was wondering if it would be possible to detect the openssl
heartbleed attack.
In this site are details & some scripts to test this attack
[http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/](http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/)
I found a suricata sollution
[http://blog.inliniac.net/2014/04/08/detecting-openssl-heartbleed-with-suricata/](http://blog.inliniac.net/2014/04/08/detecting-openssl-heartbleed-with-suricata/)
Maybe someone has such a script for bro ?
We just wrote a blog post about this.
See http://blog.bro.org/2014/04/detecting-heartbleed-bug-using-bro.html
Johanna