This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS signatures Meltdown/Spectre UTM?

Advisory: Kernel memory issue affecting multiple OS (aka F**CKWIT, KAISER, KPTI, Meltdown and Spectre)

https://community.sophos.com/kb/en-us/128053

"Sophos XG Firewall and Cyberoam IPS signatures have been added to protect against the specific CVE's and sample code outlined in the Spectre and Meltdown whitepapers, and we will continue to update the IPS patterns as new variants are discovered, however we still recommend patches be applied to all affected systems as soon as they are available."

What about IPS signatures for UTM?



This thread was automatically locked due to age.
Parents
  • <M> utm:/root # ips_patterninfo --sid 45357
    Reading IPS information..
     
    [45357] OS-OTHER Intel x86 side-channel analysis information leak attempt
    * will affect network traffic (drop)
    * was categorized as 'Malware'
    * [ENABLED] the rule is active

    <M> utm:/root # ips_patterninfo --sid 45368
    Reading IPS information..
     
    [45368] OS-OTHER Intel x64 side-channel analysis information leak attempt
    * will affect network traffic (drop)
    * was categorized as 'Malware'
    * [ENABLED] the rule is active

    https://www.snort.org/advisories/talos-rules-2018-01-04-1-4-2018

Reply
  • <M> utm:/root # ips_patterninfo --sid 45357
    Reading IPS information..
     
    [45357] OS-OTHER Intel x86 side-channel analysis information leak attempt
    * will affect network traffic (drop)
    * was categorized as 'Malware'
    * [ENABLED] the rule is active

    <M> utm:/root # ips_patterninfo --sid 45368
    Reading IPS information..
     
    [45368] OS-OTHER Intel x64 side-channel analysis information leak attempt
    * will affect network traffic (drop)
    * was categorized as 'Malware'
    * [ENABLED] the rule is active

    https://www.snort.org/advisories/talos-rules-2018-01-04-1-4-2018

Children
No Data