[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Is the RaQ Apache & SSL Patch working??? May be [OT]
- Subject: Re: [cobalt-users] Is the RaQ Apache & SSL Patch working??? May be [OT]
- From: "Dave Thurman (Mailing List Email)" <listonly@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu Oct 3 04:54:04 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
on 10/3/02 6:15 AM, Gerald Waugh stated:
>>> An hour later my logs came through and seen all this on them...
>>>
>>> Security Violations
>>> =-=-=-=-=-=-=-=-=-=
>>> [Thu Oct 3 19:41:20 2002] [error] mod_ssl: SSL handshake failed (client
>>> 209.241.254.195, server www.xxxxxxxxxxxxxx.co.nz:443) (OpenSSL library
>>> error follows)
>
> This looks like a variant of the slapper worm!
> 209.241.254.195 must be infected
We have the update on one of our Raq4's and we have SSL, a self-signed cert
running and also running logcheck and haven't seen that yet. Of course
doesn't mean after I send this it starts. Anyone else getting that, and if
so is it the worm or a Cobalt feature??
We do seem to have a new line in our logcheck after the update.
Security Violations
=-=-=-=-=-=-=-=-=-=
Oct 3 05:15:02 office-150 sendmail[6972]: NOQUEUE: localhost [127.0.0.1]
did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 3 05:30:03 office-150 sendmail[7592]: NOQUEUE: localhost [127.0.0.1]
did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 3 05:45:03 office-150 sendmail[8215]: NOQUEUE: localhost [127.0.0.1]
did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 3 06:00:03 office-150 sendmail[8837]: NOQUEUE: localhost [127.0.0.1]
did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Not sure why it started. We also had to restart portsentry manually for
-udp, -tcp was started.
--
Thanks!!
Dave Thurman
The Web Presence Group / www.webpresencegroup.net
Listonly <at> webpresencegroup.net / Spam Block 8^Q