heavy load on port 443

Neo-Vortex root at Neo-Vortex.Ath.Cx
Fri Aug 13 18:32:57 PDT 2004


Oh, almost forgot: it could also be Nessus or some other security scanner
scanning your box too.

On Sat, 14 Aug 2004, Sandor Berta wrote:

> Hi,
>
> While I was working, the following message flooded the screen.
>
> Aug 13 23:32:28 www /kernel: Limiting closed port RST response from 213
> to 200 packets per second
>
> The /var/log/apache_ssl_engine.log started
> to grow with similar messages:
>
> [13/Aug/2004 23:43:49 66440] [error] SSL handshake failed (server
> www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows)
> [13/Aug/2004 23:43:49 66440] [error] OpenSSL: error:1406908F:SSL
> routines:GET_CLIENT_FINISHED:connection id is different
> [13/Aug/2004 23:43:50 31633] [info]  Connection to child 38 established
> (server www.beco.hu:443, client 217.102.90.240)
> [13/Aug/2004 23:43:50 31633] [info]  Seeding PRNG with 1160 bytes of entropy
> [13/Aug/2004 23:43:51 31633] [error] SSL handshake failed (server
> www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows)
> [13/Aug/2004 23:43:51 31633] [error] OpenSSL: error:1406908F:SSL
> routines:GET_CLIENT_FINISHED:connection id is different
>
> I don't have the output of the following command:
> netstat -anfinet
> but it showed a lot of connections from the above IP on port 443.
>
> Do such attacks have any other effect besides
> filling /var/log?
>
> bye
> Sandor Berta
>
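
As an added example (not part of either message above): one way to summarise an apache_ssl_engine.log like the one quoted, counting failed handshakes per client and flagging clients that fail repeatedly within a short window. It assumes the number after the timestamp is the child PID and that each entry sits on one line in the real file; the function names, threshold and window are hypothetical choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Entries quoted in the post, unwrapped to one per line; the final pair
# (client 192.0.2.10, a documentation address) is constructed.
SAMPLE_LOG = """\
[13/Aug/2004 23:43:49 66440] [error] SSL handshake failed (server www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows)
[13/Aug/2004 23:43:49 66440] [error] OpenSSL: error:1406908F:SSL routines:GET_CLIENT_FINISHED:connection id is different
[13/Aug/2004 23:43:50 31633] [info]  Connection to child 38 established (server www.beco.hu:443, client 217.102.90.240)
[13/Aug/2004 23:43:51 31633] [error] SSL handshake failed (server www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows)
[13/Aug/2004 23:43:51 31633] [error] OpenSSL: error:1406908F:SSL routines:GET_CLIENT_FINISHED:connection id is different
[13/Aug/2004 23:50:02 40112] [error] SSL handshake failed (server www.beco.hu:443, client 192.0.2.10) (OpenSSL library error follows)
[13/Aug/2004 23:50:02 40112] [error] OpenSSL: error:1406908F:SSL routines:GET_CLIENT_FINISHED:connection id is different
"""

ENTRY = re.compile(r"^\[(?P<ts>\d\d/\w{3}/\d{4} [\d:]{8}) (?P<pid>\d+)\] \[\w+\]\s+(?P<msg>.*)$")
FAILED = re.compile(r"SSL handshake failed \(server (?P<server>\S+), client (?P<client>[^)]+)\)")
OPENSSL = re.compile(r"OpenSSL: error:(?P<code>[0-9A-F]+):(?P<reason>.+)")

def parse_failures(text):
    """One dict per failed handshake; the OpenSSL line is joined on the child PID."""
    failures, pending = [], {}  # pending: pid -> failure still waiting for its reason
    for m in filter(None, map(ENTRY.match, text.splitlines())):
        failed, detail = FAILED.search(m["msg"]), OPENSSL.search(m["msg"])
        if failed:
            rec = {"time": datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S"),
                   "client": failed["client"], "server": failed["server"], "reason": None}
            failures.append(rec)
            pending[m["pid"]] = rec
        elif detail and m["pid"] in pending:
            pending.pop(m["pid"])["reason"] = f'{detail["code"]}:{detail["reason"]}'
    return failures

def noisy_clients(failures, threshold=2, window=timedelta(seconds=60)):
    """Map client -> peak failures in any sliding window, if that peak >= threshold."""
    by_client = defaultdict(list)
    for rec in failures:
        by_client[rec["client"]].append(rec["time"])
    flagged = {}
    for client, times in by_client.items():
        times, start, peak = sorted(times), 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[client] = peak
    return flagged
```

On a live log the threshold would be set far higher than 2; the flagged addresses are candidates for a closer look or a firewall rule, whether the source turns out to be a scanner or something else.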

