<div dir="ltr"><div class="gmail_default"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><i><b>Possible solution:</b></i><br></span></font>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><b>- Disable
SSLv2</b></span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif">Network administrators
should disable SSLv2 support. The researchers have provided more information on
how to disable SSLv2 for various server products.</span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif">Network administrators can
determine if a server supports SSLv2 with the following command:</span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif">openssl s_client -connect host:443 -ssl2</span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif">If certificate information
is returned, then SSLv2 is supported.</span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif">SSLv2 has been deprecated
since 2011.</span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><b>- Do
not reuse SSL certificates or key material</b></span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif">This issue can be mitigated
on TLS connections by using unique SSL keys and certificates. If possible, do
not reuse key material or certificates between SSLv2 and TLS support on
multiple servers.</span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><b>- Monitor
network and use firewall rules</b></span></font></p>

<font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="line-height:115%">Recommend enabling firewall rules to block
SSLv2 traffic. Since the attack requires approximately 1000 SSL handshakes,
network administrators may also monitor logs to look for repeated connection
attempts. However, this data may also be obtained via man-in-the-middle or
other attacks, not solely from direct connections.</span><br><br><br><br></span></font></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><b><font size="2">Stay secure ;\</font></b><br><br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 2, 2016 at 6:02 PM, Anurag Bhatia <span dir="ltr"><<a href="mailto:me@anuragbhatia.com" target="_blank">me@anuragbhatia.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Interesting (and scary!)<div><br></div><div><br></div><div><br></div><div>Thanks for sharing Jahangir. </div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Thu, Mar 3, 2016 at 12:28 AM, Jahangir Hossain <span dir="ltr"><<a href="mailto:jrjahangir@gmail.com" target="_blank">jrjahangir@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><font size="2">Dear members ,<br><br>Network traffic encrypted using an RSA-based SSL certificate may be 
decrypted if enough SSLv2 handshake data can be collected. Exploitation 
of this vulnerability - referred to as DROWN in public reporting - may 
allow a remote attacker to obtain the private key of a server supporting
 SSLv2.<br clear="all"></font></div><font size="2"><br></font><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><font size="2">For more information please visit,<br><br></font>

<p class="MsoNormal"><font size="2"><a href="https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack" target="_blank"><span style="line-height:115%">https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack</span></a><span style="line-height:115%"></span></font></p>

<p class="MsoNormal"><font size="2"><a href="https://www.us-cert.gov/ncas/current-activity/2016/03/01/OpenSSL-Releases-Security-Advisory" target="_blank"><span style="line-height:115%">https://www.us-cert.gov/ncas/current-activity/2016/03/01/OpenSSL-Releases-Security-Advisory</span></a><span style="line-height:115%"></span></font></p>

<font size="2">​</font></div><br><br><br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><i><font size="2"><span style="font-family:arial,helvetica,sans-serif">Regards / Jahangir</span></font></i><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"><i><font size="2">​ | Open Comm​</font></i></div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<br></div></div>_______________________________________________<br>
nog mailing list<br>
<a href="mailto:nog@bdnog.org" target="_blank">nog@bdnog.org</a><br>
<a href="http://mailman.bdnog.org/mailman/listinfo/nog" rel="noreferrer" target="_blank">http://mailman.bdnog.org/mailman/listinfo/nog</a><br>
<br></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div><font face="arial, helvetica, sans-serif"><br></font></div><div><br></div><font face="arial, helvetica, sans-serif">Anurag Bhatia<br></font><div></div><div><font face="arial, helvetica, sans-serif"><a href="http://anuragbhatia.com" target="_blank">anuragbhatia.com</a></font></div></div></div></div></div></div>
</font></span></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><i><span style="font-family:arial,helvetica,sans-serif">Regards / Jahangir</span></i><br></div></div><br><div><div><div>     <br><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>