heavy load on port 443
Sandor Berta
berta at beco.hu
Fri Aug 13 15:08:10 PDT 2004
Hi,
While I was working, the follwing message flud the screen.
Aug 13 23:32:28 www /kernel: Limiting closed port RST response from 213
to 200 packets per second
The /var/log/apache_ssl_engine.log started
to grow with similar messages:
[13/Aug/2004 23:43:49 66440] [error] SSL handshake failed (server
www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows)
[13/Aug/2004 23:43:49 66440] [error] OpenSSL: error:1406908F:SSL
routines:GET_CLIENT_FINISHED:connection id is different
[13/Aug/2004 23:43:50 31633] [info] Connection to child 38 established
(server www.beco.hu:443, client 217.102.90.240)
[13/Aug/2004 23:43:50 31633] [info] Seeding PRNG with 1160 bytes of entropy
[13/Aug/2004 23:43:51 31633] [error] SSL handshake failed (server
www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows)
[13/Aug/2004 23:43:51 31633] [error] OpenSSL: error:1406908F:SSL
routines:GET_CLIENT_FINISHED:connection id is different
I don't have the output of the following command:
netstat -anfinet
but it showed a lot of connection from the above IP. on port 443.
Has any other effect of such attacks beside
filling the /var/log?
bye
Sandor Berta
More information about the freebsd-security
mailing list