Date:      Sat, 14 Aug 2004 11:32:04 +1000 (EST)
From:      Neo-Vortex <root@Neo-Vortex.Ath.Cx>
To:        Sandor Berta <berta@beco.hu>
Cc:        freebsd-security@freebsd.org
Subject:   Re: heavy load on port 443
Message-ID:  <20040814113142.H79402@Neo-Vortex.Ath.Cx>
In-Reply-To: <411D3BC3.6050402@beco.hu>
References:  <411D3BC3.6050402@beco.hu>

More than likely someone is portscanning you... that's all...

On Sat, 14 Aug 2004, Sandor Berta wrote:

> Hi,
>
> While I was working, the following message flooded the screen.
>
> Aug 13 23:32:28 www /kernel: Limiting closed port RST response from 213
> to 200 packets per second
>
> The /var/log/apache_ssl_engine.log started
> to grow with similar messages:
>
> [13/Aug/2004 23:43:49 66440] [error] SSL handshake failed (server
> www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows)
> [13/Aug/2004 23:43:49 66440] [error] OpenSSL: error:1406908F:SSL
> routines:GET_CLIENT_FINISHED:connection id is different
> [13/Aug/2004 23:43:50 31633] [info]  Connection to child 38 established
> (server www.beco.hu:443, client 217.102.90.240)
> [13/Aug/2004 23:43:50 31633] [info]  Seeding PRNG with 1160 bytes of entropy
> [13/Aug/2004 23:43:51 31633] [error] SSL handshake failed (server
> www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows)
> [13/Aug/2004 23:43:51 31633] [error] OpenSSL: error:1406908F:SSL
> routines:GET_CLIENT_FINISHED:connection id is different
>
> I don't have the output of the following command:
> netstat -anfinet
> but it showed a lot of connections from the above IP on port 443.
>
> Is there any other effect of such attacks besides
> filling the /var/log?
>
> bye
> Sandor Berta
>


