[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Is the RaQ Apache & SSL Patch working??? Maybe [OT]

Subject: Re: [cobalt-users] Is the RaQ Apache & SSL Patch working??? Maybe [OT]
From: "Fragga" <fragga@xxxxxxxxxxxx>
Date: Thu Oct 3 06:09:41 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

thats active monitor in those logs checking sendmails alive every 15 mins
......

----- Original Message -----
From: "Dave Thurman (Mailing List Email)" <listonly@xxxxxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Thursday, October 03, 2002 6:46 AM
Subject: Re: [cobalt-users] Is the RaQ Apache & SSL Patch working??? Maybe
[OT]


> on 10/3/02 6:15 AM, Gerald Waugh stated:
>
> >>> An hour later my logs came through and seen all this on them...
> >>>
> >>> Security Violations
> >>> =-=-=-=-=-=-=-=-=-=
> >>> [Thu Oct 3 19:41:20 2002] [error] mod_ssl: SSL handshake failed
(client
> >>> 209.241.254.195, server www.xxxxxxxxxxxxxx.co.nz:443) (OpenSSL library
> >>> error follows)
> >
> > This looks like a variant of the slapper worm!
> > 209.241.254.195 must be infected
>
> We have the update on one of our Raq4's and we have SSL, a self-signed
cert
> running and also running logcheck and haven't seen that yet. Of course
> doesn't mean after I send this it starts. Anyone else getting that, and if
> so is it the worm or a Cobalt feature??
>
> We do seem to have a new line in our logcheck after the update.
>
> Security Violations
> =-=-=-=-=-=-=-=-=-=
> Oct  3 05:15:02 office-150 sendmail[6972]: NOQUEUE: localhost [127.0.0.1]
> did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
> Oct  3 05:30:03 office-150 sendmail[7592]: NOQUEUE: localhost [127.0.0.1]
> did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
> Oct  3 05:45:03 office-150 sendmail[8215]: NOQUEUE: localhost [127.0.0.1]
> did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
> Oct  3 06:00:03 office-150 sendmail[8837]: NOQUEUE: localhost [127.0.0.1]
> did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
>
> Not sure why it started. We also had to restart portsentry manually for
> -udp, -tcp was started.
> --
> Thanks!!
> Dave Thurman
> The Web Presence Group / www.webpresencegroup.net
> Listonly <at> webpresencegroup.net / Spam Block 8^Q
>
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>

References:
- Re: [cobalt-users] Is the RaQ Apache & SSL Patch working??? May be [OT]
  - From: Dave Thurman (Mailing List Email)

Prev by Date: RE: [cobalt-users] Raqbackup Problem or CMU problem or Me!!
Next by Date: Re: [cobalt-users] Is the RaQ Apache & SSL Patch working??? May be [OT]
Previous by thread: Re: [cobalt-users] Is the RaQ Apache & SSL Patch working??? May be [OT]
Next by thread: Re: [cobalt-users] Is the RaQ Apache & SSL Patch working??? May be [OT]

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index