Re: heavy load on port 443
From: Neo-Vortex (root_at_Neo-Vortex.Ath.Cx)
Date: 08/14/04
- Previous message: Sandor Berta: "heavy load on port 443"
- In reply to: Sandor Berta: "heavy load on port 443"
- Next in thread: Neo-Vortex: "Re: heavy load on port 443"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 14 Aug 2004 11:32:04 +1000 (EST) To: Sandor Berta <berta@beco.hu>
more than likely someone is portscanning you... thats all...
On Sat, 14 Aug 2004, Sandor Berta wrote:
> Hi,
>
> While I was working, the follwing message flud the screen.
>
> Aug 13 23:32:28 www /kernel: Limiting closed port RST response from 213
> to 200 packets per second
>
> The /var/log/apache_ssl_engine.log started
> to grow with similar messages:
>
> [13/Aug/2004 23:43:49 66440] [error] SSL handshake failed (server
> www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows)
> [13/Aug/2004 23:43:49 66440] [error] OpenSSL: error:1406908F:SSL
> routines:GET_CLIENT_FINISHED:connection id is different
> [13/Aug/2004 23:43:50 31633] [info] Connection to child 38 established
> (server www.beco.hu:443, client 217.102.90.240)
> [13/Aug/2004 23:43:50 31633] [info] Seeding PRNG with 1160 bytes of entropy
> [13/Aug/2004 23:43:51 31633] [error] SSL handshake failed (server
> www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows)
> [13/Aug/2004 23:43:51 31633] [error] OpenSSL: error:1406908F:SSL
> routines:GET_CLIENT_FINISHED:connection id is different
>
> I don't have the output of the following command:
> netstat -anfinet
> but it showed a lot of connection from the above IP. on port 443.
>
> Has any other effect of such attacks beside
> filling the /var/log?
>
> bye
> Sandor Berta
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Sandor Berta: "heavy load on port 443"
- In reply to: Sandor Berta: "heavy load on port 443"
- Next in thread: Neo-Vortex: "Re: heavy load on port 443"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
