new errors in log files

new errors in log files

am 02.10.2002 19:41:13 von Jeff Bert

Hi, i'm new to this list and I upgraded to mod-ssl/2.8.10 and OpenSSL/0.9.6g
a couple of weeks ago and i've just started seeing a bunch of new errors in
my logs this last week. I have no clue whether they are hack attempts or
errors in my setup:

ssl-error_log:
[Wed Oct 2 00:43:47 2002] [error] mod_ssl: SSL handshake failed (server
www.mycom.com:443, client 202.125.137.145) (OpenSSL library error follows)
[Wed Oct 2 00:43:47 2002] [error] OpenSSL: error:1406B458:SSL
routines:GET_CLIENT_MASTER_KEY:key arg too long

ssl-engine_log:
[02/Oct/2002 00:43:07 02011] [info] Connection to child 2 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:07 02011] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:08 02010] [info] Connection to child 1 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:08 02010] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:09 02025] [info] Connection to child 7 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:09 02025] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:10 02022] [info] Connection to child 5 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:10 02022] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:16 02024] [info] Connection to child 6 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:16 02024] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:19 02028] [info] Connection to child 9 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:19 02028] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:20 02027] [info] Connection to child 8 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:20 02027] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:21 02013] [info] Connection to child 4 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:21 02013] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:21 02012] [info] Connection to child 3 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:21 02012] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:22 02009] [info] Connection to child 0 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:22 02009] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:22 16722] [info] Connection to child 10 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:22 16722] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:23 16723] [info] Connection to child 11 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:23 16723] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:24 16724] [info] Connection to child 12 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:24 16724] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:25 16725] [info] Connection to child 13 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:25 16725] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:26 16726] [info] Connection to child 14 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:26 16726] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:27 16727] [info] Connection to child 15 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:27 16727] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:28 16728] [info] Connection to child 16 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:28 16728] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:29 16729] [info] Connection to child 17 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:29 16729] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:38 16731] [info] Connection to child 19 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:38 16731] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:39 16732] [info] Connection to child 20 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:39 16732] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:40 16733] [info] Connection to child 21 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:40 16733] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:45 16734] [info] Connection to child 22 established
(server www.mycom.com:443, client 202.125.137.145)
[02/Oct/2002 00:43:45 16734] [info] Seeding PRNG with 1160 bytes of entropy
[02/Oct/2002 00:43:47 16733] [error] SSL handshake failed (server
www.mycom.com:443, client 202.125.137.145) (OpenSSL library er
or follows)
[02/Oct/2002 00:43:47 16733] [error] OpenSSL: error:1406B458:SSL
routines:GET_CLIENT_MASTER_KEY:key arg too long
[02/Oct/2002 00:43:52 02022] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:52 02028] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:52 02013] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:52 02012] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:52 02009] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:52 16722] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:52 16723] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:52 16724] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:52 16725] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:52 16726] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:52 16727] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:52 16728] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:52 16729] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:52 16731] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:52 16732] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:53 02027] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:53 02011] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:53 02010] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:53 02025] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:43:53 16734] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[02/Oct/2002 00:45:16 02024] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]

www-access_log:
202.125.137.145 - - [02/Oct/2002:00:43:04 -0700] "GET / HTTP/1.1" 400 307

www-error_log:
[Wed Oct 2 00:43:04 2002] [error] [client 202.125.137.145] client sent
HTTP/1.1 request without hostname (see RFC2616 section 14.23): /

so should I be:

concerned?
happy that I upgraded?
or oblivious to this?

and are these hack attempts?

Thanks,

Jeff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: new errors in log files

am 03.10.2002 19:45:15 von KenC

Jeff:

I am new to Open-SSL and Mod-SSL, infact I'm so new I haven't even attempted
to install them yet because I'm still reading over everything..

I've been watching these lists for a while and have gotten alot of good tips
from them.

I assure you, if "anybody" knows a answer to your problem, you'll get a
responce..
----- Original Message -----
From: "Jeff Bert"
To:
Sent: Thursday, October 03, 2002 1:51 PM
Subject: Re: new errors in log files


> Would someone please respond to this question?
>
> Jeff
>
>
> > Hi, i'm new to this list and I upgraded to mod-ssl/2.8.10 and
> OpenSSL/0.9.6g
> > a couple of weeks ago and i've just started seeing a bunch of new errors
> in
> > my logs this last week. I have no clue whether they are hack attempts
or
> > errors in my setup:
> >
> > ssl-error_log:
> > [Wed Oct 2 00:43:47 2002] [error] mod_ssl: SSL handshake failed (server
> > www.mycom.com:443, client 202.125.137.145) (OpenSSL library error
follows)
> > [Wed Oct 2 00:43:47 2002] [error] OpenSSL: error:1406B458:SSL
> > routines:GET_CLIENT_MASTER_KEY:key arg too long
> >
> > ssl-engine_log:
> > [02/Oct/2002 00:43:07 02011] [info] Connection to child 2 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:07 02011] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:08 02010] [info] Connection to child 1 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:08 02010] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:09 02025] [info] Connection to child 7 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:09 02025] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:10 02022] [info] Connection to child 5 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:10 02022] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:16 02024] [info] Connection to child 6 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:16 02024] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:19 02028] [info] Connection to child 9 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:19 02028] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:20 02027] [info] Connection to child 8 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:20 02027] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:21 02013] [info] Connection to child 4 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:21 02013] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:21 02012] [info] Connection to child 3 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:21 02012] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:22 02009] [info] Connection to child 0 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:22 02009] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:22 16722] [info] Connection to child 10 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:22 16722] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:23 16723] [info] Connection to child 11 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:23 16723] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:24 16724] [info] Connection to child 12 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:24 16724] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:25 16725] [info] Connection to child 13 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:25 16725] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:26 16726] [info] Connection to child 14 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:26 16726] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:27 16727] [info] Connection to child 15 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:27 16727] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:28 16728] [info] Connection to child 16 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:28 16728] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:29 16729] [info] Connection to child 17 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:29 16729] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:38 16731] [info] Connection to child 19 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:38 16731] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:39 16732] [info] Connection to child 20 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:39 16732] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:40 16733] [info] Connection to child 21 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:40 16733] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:45 16734] [info] Connection to child 22 established
> > (server www.mycom.com:443, client 202.125.137.145)
> > [02/Oct/2002 00:43:45 16734] [info] Seeding PRNG with 1160 bytes of
> entropy
> > [02/Oct/2002 00:43:47 16733] [error] SSL handshake failed (server
> > www.mycom.com:443, client 202.125.137.145) (OpenSSL library er
> > or follows)
> > [02/Oct/2002 00:43:47 16733] [error] OpenSSL: error:1406B458:SSL
> > routines:GET_CLIENT_MASTER_KEY:key arg too long
> > [02/Oct/2002 00:43:52 02022] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:52 02028] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:52 02013] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:52 02012] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:52 02009] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:52 16722] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:52 16723] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:52 16724] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:52 16725] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:52 16726] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:52 16727] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:52 16728] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:52 16729] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:52 16731] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:52 16732] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:53 02027] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:53 02011] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:53 02010] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:53 02025] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:43:53 16734] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> > [02/Oct/2002 00:45:16 02024] [info] Spurious SSL handshake
> interrupt[Hint:
> > Usually just one of those OpenSSL confusions!?]
> >
> > www-access_log:
> > 202.125.137.145 - - [02/Oct/2002:00:43:04 -0700] "GET / HTTP/1.1" 400
307
> >
> > www-error_log:
> > [Wed Oct 2 00:43:04 2002] [error] [client 202.125.137.145] client sent
> > HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
> >
> > so should I be:
> >
> > concerned?
> > happy that I upgraded?
> > or oblivious to this?
> >
> > and are these hack attempts?
> >
> > Thanks,
> >
> > Jeff
> >
> > ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org
> >
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: new errors in log files

am 03.10.2002 19:51:01 von Jeff Bert

Would someone please respond to this question?

Jeff


> Hi, i'm new to this list and I upgraded to mod-ssl/2.8.10 and
OpenSSL/0.9.6g
> a couple of weeks ago and i've just started seeing a bunch of new errors
in
> my logs this last week. I have no clue whether they are hack attempts or
> errors in my setup:
>
> ssl-error_log:
> [Wed Oct 2 00:43:47 2002] [error] mod_ssl: SSL handshake failed (server
> www.mycom.com:443, client 202.125.137.145) (OpenSSL library error follows)
> [Wed Oct 2 00:43:47 2002] [error] OpenSSL: error:1406B458:SSL
> routines:GET_CLIENT_MASTER_KEY:key arg too long
>
> ssl-engine_log:
> [02/Oct/2002 00:43:07 02011] [info] Connection to child 2 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:07 02011] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:08 02010] [info] Connection to child 1 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:08 02010] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:09 02025] [info] Connection to child 7 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:09 02025] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:10 02022] [info] Connection to child 5 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:10 02022] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:16 02024] [info] Connection to child 6 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:16 02024] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:19 02028] [info] Connection to child 9 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:19 02028] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:20 02027] [info] Connection to child 8 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:20 02027] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:21 02013] [info] Connection to child 4 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:21 02013] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:21 02012] [info] Connection to child 3 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:21 02012] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:22 02009] [info] Connection to child 0 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:22 02009] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:22 16722] [info] Connection to child 10 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:22 16722] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:23 16723] [info] Connection to child 11 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:23 16723] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:24 16724] [info] Connection to child 12 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:24 16724] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:25 16725] [info] Connection to child 13 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:25 16725] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:26 16726] [info] Connection to child 14 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:26 16726] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:27 16727] [info] Connection to child 15 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:27 16727] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:28 16728] [info] Connection to child 16 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:28 16728] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:29 16729] [info] Connection to child 17 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:29 16729] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:38 16731] [info] Connection to child 19 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:38 16731] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:39 16732] [info] Connection to child 20 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:39 16732] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:40 16733] [info] Connection to child 21 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:40 16733] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:45 16734] [info] Connection to child 22 established
> (server www.mycom.com:443, client 202.125.137.145)
> [02/Oct/2002 00:43:45 16734] [info] Seeding PRNG with 1160 bytes of
entropy
> [02/Oct/2002 00:43:47 16733] [error] SSL handshake failed (server
> www.mycom.com:443, client 202.125.137.145) (OpenSSL library er
> or follows)
> [02/Oct/2002 00:43:47 16733] [error] OpenSSL: error:1406B458:SSL
> routines:GET_CLIENT_MASTER_KEY:key arg too long
> [02/Oct/2002 00:43:52 02022] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:52 02028] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:52 02013] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:52 02012] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:52 02009] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:52 16722] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:52 16723] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:52 16724] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:52 16725] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:52 16726] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:52 16727] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:52 16728] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:52 16729] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:52 16731] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:52 16732] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:53 02027] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:53 02011] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:53 02010] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:53 02025] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:43:53 16734] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
> [02/Oct/2002 00:45:16 02024] [info] Spurious SSL handshake
interrupt[Hint:
> Usually just one of those OpenSSL confusions!?]
>
> www-access_log:
> 202.125.137.145 - - [02/Oct/2002:00:43:04 -0700] "GET / HTTP/1.1" 400 307
>
> www-error_log:
> [Wed Oct 2 00:43:04 2002] [error] [client 202.125.137.145] client sent
> HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
>
> so should I be:
>
> concerned?
> happy that I upgraded?
> or oblivious to this?
>
> and are these hack attempts?
>
> Thanks,
>
> Jeff
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: new errors in log files

am 03.10.2002 22:02:43 von Joe Orton

On Wed, Oct 02, 2002 at 10:41:13AM -0700, Jeff Bert wrote:
> Hi, i'm new to this list and I upgraded to mod-ssl/2.8.10 and OpenSSL/0.9.6g
> a couple of weeks ago and i've just started seeing a bunch of new errors in
> my logs this last week. I have no clue whether they are hack attempts or
> errors in my setup:
>
> ssl-error_log:
> [Wed Oct 2 00:43:47 2002] [error] mod_ssl: SSL handshake failed (server
> www.mycom.com:443, client 202.125.137.145) (OpenSSL library error follows)
> [Wed Oct 2 00:43:47 2002] [error] OpenSSL: error:1406B458:SSL
> routines:GET_CLIENT_MASTER_KEY:key arg too long

Yes, this is someone trying but failing to exploit the vulnerability in
earlier versions of OpenSSL (probably the Slapper worm). You can also
ignore the "interrupted handshake" warnings too if you were worried
about them, they're quite normal on production servers.

joe

--
Joe Orton, Red Hat Europe, Stronghold Engineering

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org