From owner-freebsd-security@FreeBSD.ORG Sat Aug 14 01:32:20 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 51D5E16A4CE for ; Sat, 14 Aug 2004 01:32:20 +0000 (GMT) Received: from Neo-Vortex.Ath.Cx (203-206-229-73.dyn.iinet.net.au [203.206.229.73]) by mx1.FreeBSD.org (Postfix) with ESMTP id 17A9343D3F for ; Sat, 14 Aug 2004 01:32:19 +0000 (GMT) (envelope-from root@Neo-Vortex.Ath.Cx) Received: from localhost.Neo-Vortex.got-root.cc (Neo-Vortex@localhost.Neo-Vortex.got-root.cc [127.0.0.1]) by Neo-Vortex.Ath.Cx (8.12.10/8.12.10) with ESMTP id i7E1W4gC079639; Sat, 14 Aug 2004 11:32:07 +1000 (EST) (envelope-from root@Neo-Vortex.Ath.Cx) Date: Sat, 14 Aug 2004 11:32:04 +1000 (EST) From: Neo-Vortex To: Sandor Berta In-Reply-To: <411D3BC3.6050402@beco.hu> Message-ID: <20040814113142.H79402@Neo-Vortex.Ath.Cx> References: <411D3BC3.6050402@beco.hu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-security@freebsd.org Subject: Re: heavy load on port 443 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Aug 2004 01:32:20 -0000 more than likely someone is portscanning you... thats all... On Sat, 14 Aug 2004, Sandor Berta wrote: > Hi, > > While I was working, the follwing message flud the screen. > > Aug 13 23:32:28 www /kernel: Limiting closed port RST response from 213 > to 200 packets per second > > The /var/log/apache_ssl_engine.log started > to grow with similar messages: > > [13/Aug/2004 23:43:49 66440] [error] SSL handshake failed (server > www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows) > [13/Aug/2004 23:43:49 66440] [error] OpenSSL: error:1406908F:SSL > routines:GET_CLIENT_FINISHED:connection id is different > [13/Aug/2004 23:43:50 31633] [info] Connection to child 38 established > (server www.beco.hu:443, client 217.102.90.240) > [13/Aug/2004 23:43:50 31633] [info] Seeding PRNG with 1160 bytes of entropy > [13/Aug/2004 23:43:51 31633] [error] SSL handshake failed (server > www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows) > [13/Aug/2004 23:43:51 31633] [error] OpenSSL: error:1406908F:SSL > routines:GET_CLIENT_FINISHED:connection id is different > > I don't have the output of the following command: > netstat -anfinet > but it showed a lot of connection from the above IP. on port 443. > > Has any other effect of such attacks beside > filling the /var/log? > > bye > Sandor Berta > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >