Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 14 Aug 2004 00:08:03 +0200
From:      Sandor Berta <berta@beco.hu>
To:        freebsd-security@freebsd.org
Subject:   heavy load on port 443
Message-ID:  <411D3BC3.6050402@beco.hu>

next in thread | raw e-mail | index | archive | help
Hi,

While I was working, the follwing message flud the screen.

Aug 13 23:32:28 www /kernel: Limiting closed port RST response from 213 
to 200 packets per second

The /var/log/apache_ssl_engine.log started
to grow with similar messages:

[13/Aug/2004 23:43:49 66440] [error] SSL handshake failed (server 
www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows)
[13/Aug/2004 23:43:49 66440] [error] OpenSSL: error:1406908F:SSL 
routines:GET_CLIENT_FINISHED:connection id is different
[13/Aug/2004 23:43:50 31633] [info]  Connection to child 38 established 
(server www.beco.hu:443, client 217.102.90.240)
[13/Aug/2004 23:43:50 31633] [info]  Seeding PRNG with 1160 bytes of entropy
[13/Aug/2004 23:43:51 31633] [error] SSL handshake failed (server 
www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows)
[13/Aug/2004 23:43:51 31633] [error] OpenSSL: error:1406908F:SSL 
routines:GET_CLIENT_FINISHED:connection id is different

I don't have the output of the following command:
netstat -anfinet
but it showed a lot of connection from the above IP. on port 443.

Has any other effect of such attacks beside
filling the /var/log?

bye
Sandor Berta



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?411D3BC3.6050402>