Date: Sat, 14 Aug 2004 00:08:03 +0200 From: Sandor Berta <berta@beco.hu> To: freebsd-security@freebsd.org Subject: heavy load on port 443 Message-ID: <411D3BC3.6050402@beco.hu>
next in thread | raw e-mail | index | archive | help
Hi, While I was working, the follwing message flud the screen. Aug 13 23:32:28 www /kernel: Limiting closed port RST response from 213 to 200 packets per second The /var/log/apache_ssl_engine.log started to grow with similar messages: [13/Aug/2004 23:43:49 66440] [error] SSL handshake failed (server www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows) [13/Aug/2004 23:43:49 66440] [error] OpenSSL: error:1406908F:SSL routines:GET_CLIENT_FINISHED:connection id is different [13/Aug/2004 23:43:50 31633] [info] Connection to child 38 established (server www.beco.hu:443, client 217.102.90.240) [13/Aug/2004 23:43:50 31633] [info] Seeding PRNG with 1160 bytes of entropy [13/Aug/2004 23:43:51 31633] [error] SSL handshake failed (server www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows) [13/Aug/2004 23:43:51 31633] [error] OpenSSL: error:1406908F:SSL routines:GET_CLIENT_FINISHED:connection id is different I don't have the output of the following command: netstat -anfinet but it showed a lot of connection from the above IP. on port 443. Has any other effect of such attacks beside filling the /var/log? bye Sandor Berta
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?411D3BC3.6050402>