Hi, While I was working, the follwing message flud the screen. Aug 13 23:32:28 www /kernel: Limiting closed port RST response from 213 to 200 packets per second The /var/log/apache_ssl_engine.log started to grow with similar messages: [13/Aug/2004 23:43:49 66440] [error] SSL handshake failed (server www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows) [13/Aug/2004 23:43:49 66440] [error] OpenSSL: error:1406908F:SSL routines:GET_CLIENT_FINISHED:connection id is different [13/Aug/2004 23:43:50 31633] [info] Connection to child 38 established (server www.beco.hu:443, client 217.102.90.240) [13/Aug/2004 23:43:50 31633] [info] Seeding PRNG with 1160 bytes of entropy [13/Aug/2004 23:43:51 31633] [error] SSL handshake failed (server www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows) [13/Aug/2004 23:43:51 31633] [error] OpenSSL: error:1406908F:SSL routines:GET_CLIENT_FINISHED:connection id is different I don't have the output of the following command: netstat -anfinet but it showed a lot of connection from the above IP. on port 443. Has any other effect of such attacks beside filling the /var/log? bye Sandor Berta
more than likely someone is portscanning you... thats all... On Sat, 14 Aug 2004, Sandor Berta wrote:> Hi, > > While I was working, the follwing message flud the screen. > > Aug 13 23:32:28 www /kernel: Limiting closed port RST response from 213 > to 200 packets per second > > The /var/log/apache_ssl_engine.log started > to grow with similar messages: > > [13/Aug/2004 23:43:49 66440] [error] SSL handshake failed (server > www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows) > [13/Aug/2004 23:43:49 66440] [error] OpenSSL: error:1406908F:SSL > routines:GET_CLIENT_FINISHED:connection id is different > [13/Aug/2004 23:43:50 31633] [info] Connection to child 38 established > (server www.beco.hu:443, client 217.102.90.240) > [13/Aug/2004 23:43:50 31633] [info] Seeding PRNG with 1160 bytes of entropy > [13/Aug/2004 23:43:51 31633] [error] SSL handshake failed (server > www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows) > [13/Aug/2004 23:43:51 31633] [error] OpenSSL: error:1406908F:SSL > routines:GET_CLIENT_FINISHED:connection id is different > > I don't have the output of the following command: > netstat -anfinet > but it showed a lot of connection from the above IP. on port 443. > > Has any other effect of such attacks beside > filling the /var/log? > > bye > Sandor Berta > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >
oh, almost forgot, it could also be nessus or some other security scanner scanning your box too On Sat, 14 Aug 2004, Sandor Berta wrote:> Hi, > > While I was working, the follwing message flud the screen. > > Aug 13 23:32:28 www /kernel: Limiting closed port RST response from 213 > to 200 packets per second > > The /var/log/apache_ssl_engine.log started > to grow with similar messages: > > [13/Aug/2004 23:43:49 66440] [error] SSL handshake failed (server > www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows) > [13/Aug/2004 23:43:49 66440] [error] OpenSSL: error:1406908F:SSL > routines:GET_CLIENT_FINISHED:connection id is different > [13/Aug/2004 23:43:50 31633] [info] Connection to child 38 established > (server www.beco.hu:443, client 217.102.90.240) > [13/Aug/2004 23:43:50 31633] [info] Seeding PRNG with 1160 bytes of entropy > [13/Aug/2004 23:43:51 31633] [error] SSL handshake failed (server > www.beco.hu:443, client 217.102.90.240) (OpenSSL library error follows) > [13/Aug/2004 23:43:51 31633] [error] OpenSSL: error:1406908F:SSL > routines:GET_CLIENT_FINISHED:connection id is different > > I don't have the output of the following command: > netstat -anfinet > but it showed a lot of connection from the above IP. on port 443. > > Has any other effect of such attacks beside > filling the /var/log? > > bye > Sandor Berta > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >