heavy load on port 443

• Previous message: Gregory Kuhn: "Re: sequences in the auth.log"
• Next in thread: Neo-Vortex: "Re: heavy load on port 443"
• Reply: Neo-Vortex: "Re: heavy load on port 443"
• Reply: Neo-Vortex: "Re: heavy load on port 443"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 14 Aug 2004 00:08:03 +0200
To: freebsd-security@freebsd.org

Hi,

While I was working, the follwing message flud the screen.

Aug 13 23:32:28 www /kernel: Limiting closed port RST response from 213
to 200 packets per second

The /var/log/apache_ssl_engine.log started
to grow with similar messages:

[13/Aug/2004 23:43:49 66440] [error] SSL handshake failed (server
www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows)
[13/Aug/2004 23:43:49 66440] [error] OpenSSL: error:1406908F:SSL
routines:GET_CLIENT_FINISHED:connection id is different
[13/Aug/2004 23:43:50 31633] [info] Connection to child 38 established
(server www.beco.hu:443, client 217.102.90.240)
[13/Aug/2004 23:43:50 31633] [info] Seeding PRNG with 1160 bytes of entropy
[13/Aug/2004 23:43:51 31633] [error] SSL handshake failed (server
www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows)
[13/Aug/2004 23:43:51 31633] [error] OpenSSL: error:1406908F:SSL
routines:GET_CLIENT_FINISHED:connection id is different

I don't have the output of the following command:
netstat -anfinet
but it showed a lot of connection from the above IP. on port 443.

Has any other effect of such attacks beside
filling the /var/log?

bye
Sandor Berta

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Gregory Kuhn: "Re: sequences in the auth.log"
• Next in thread: Neo-Vortex: "Re: heavy load on port 443"
• Reply: Neo-Vortex: "Re: heavy load on port 443"
• Reply: Neo-Vortex: "Re: heavy load on port 443"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages OpenSSL Failure in RH7.3 ... When I try to go to my https site, it fails and this is in the error log ... client 192.168.0.201) (OpenSSL library error follows) ... (RedHat) openssl attack ... Is this an attack on my server using ... client xxx.xxx.xxx.xxx) (OpenSSL library error follows) ... (comp.os.linux.security)