Is this the right place to ask questions about the bugbear worm?
On a Sun box, we upgraded openssl to 0.9.6g because of the potential for the whole bugbear attack... I realize it's apparently targeted at linux, but better safe than sorry... well, we've started getting hit with what we think may be attacks... they're not getting through, but they cause apache to lock up... it's very strange... the situation seems to happen as follows:

We get a couple http requests that return a "400" status... then the server stops serving requests... then EXACTLY (every time) 5 minutes later, to the second, we get a request that gives a 408 error from the same IP, then apache needs to be restarted before it accepts any further requests...

until this morning, there has not been much information in the logs... but this morning, there were some entries in the ssl_engine_log that looked like this:

[05/Oct/2002 02:55:42 00969] [error] SSL handshake timed out (client 66.46.213.130, server XXX.XXX.com:443)
[05/Oct/2002 02:55:42 00969] [info] Connection to child 14 established (server YYY.YYY.com:443, client 66.46.213.130)
[05/Oct/2002 02:55:42 00969] [info] Seeding PRNG with 1160 bytes of entropy
[05/Oct/2002 02:55:42 00969] [error] SSL handshake failed (server YYY.YYY.com:443, client 66.46.213.130) (OpenSSL library error follows)
[05/Oct/2002 02:55:42 00969] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long
[05/Oct/2002 02:55:42 00969] [info] Connection to child 14 established (server XXX.XXX.com:443, client 66.46.213.130)
[05/Oct/2002 02:55:42 00969] [info] Seeding PRNG with 1160 bytes of entropy

66.46.213.130 was the IP address that gave the 400's and 408 this time around (different IP each time)...

If this is not the best place to ask about this, please point me in the right direction... I'm starting to sweat with my boss breathing down my neck... this is a 24/7 production server, running critical web applications that internal and external customers access constantly... so any help towards an answer would be greatly appreciated...

Thanks.
Dan.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
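
Added example, not part of the original post: a small Python triage script that reads ssl_engine_log records in the format quoted in the message and groups the "key arg too long" handshake rejections by client address, so the changing source IPs can be listed and matched against the 400/408 entries in the access log. It assumes the five-digit field after the time is the Apache child's process id and uses it to tie each OpenSSL library error line to the "SSL handshake failed" line it follows; the function and variable names are illustrative.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (host names were already masked there).
SAMPLE_LOG = """\
[05/Oct/2002 02:55:42 00969] [error] SSL handshake timed out (client 66.46.213.130, server XXX.XXX.com:443)
[05/Oct/2002 02:55:42 00969] [info] Connection to child 14 established (server YYY.YYY.com:443, client 66.46.213.130)
[05/Oct/2002 02:55:42 00969] [info] Seeding PRNG with 1160 bytes of entropy
[05/Oct/2002 02:55:42 00969] [error] SSL handshake failed (server YYY.YYY.com:443, client 66.46.213.130) (OpenSSL library error follows)
[05/Oct/2002 02:55:42 00969] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long
[05/Oct/2002 02:55:42 00969] [info] Connection to child 14 established (server XXX.XXX.com:443, client 66.46.213.130)
[05/Oct/2002 02:55:42 00969] [info] Seeding PRNG with 1160 bytes of entropy
"""

# "[date time NNNNN] [level] message"; NNNNN is assumed to be the child's pid.
LINE_RE = re.compile(r"^\[(\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2}) (\d+)\] \[(\w+)\]\s+(.*)$")
CLIENT_RE = re.compile(r"\bclient ([0-9A-Fa-f.:]+)")
MARKER = "GET_CLIENT_MASTER_KEY:key arg too long"


def find_key_arg_rejections(lines):
    """Map client address -> timestamps of 'key arg too long' rejections."""
    last_failed = {}  # pid -> client named on that child's latest failed handshake
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an ssl_engine_log record
        stamp, pid, _level, msg = m.groups()
        if msg.startswith("SSL handshake failed"):
            client = CLIENT_RE.search(msg)
            last_failed[pid] = client.group(1) if client else "unknown"
        elif msg.startswith("OpenSSL:") and MARKER in msg:
            # The library error line carries no address; use the failure it follows.
            hits[last_failed.get(pid, "unknown")].append(stamp)
    return dict(hits)


if __name__ == "__main__":
    for client, stamps in sorted(find_key_arg_rejections(SAMPLE_LOG.splitlines()).items()):
        print(f"{client}: {len(stamps)} rejected handshake(s), first {stamps[0]}, last {stamps[-1]}")
```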