Koozali.org: home of the SME Server

signs of SSL attack

William Wong

signs of SSL attack
« on: October 29, 2002, 07:12:02 AM »
Dear all,

May I know whether /var/log/httpd/SSL_engine* is the right place to look for signs of SSL attack?

Furthermore, do those messages below look suspicious?

Many thanks in advance.

[29/Oct/2002 04:54:49 12421] [info]  Connection to child 0 established (server secure.sdu.org:443, client xxx.xxx.xxx.xxx)
[29/Oct/2002 04:54:49 12421] [info]  Seeding PRNG with 1160 bytes of entropy
[29/Oct/2002 04:54:50 12422] [info]  Connection to child 1 established (server secure.sdu.org:443, client xxx.xxx.xxx.xxx)
[29/Oct/2002 04:54:50 12422] [info]  Seeding PRNG with 1160 bytes of entropy
[29/Oct/2002 04:54:50 12423] [info]  Connection to child 2 established (server secure.sdu.org:443, client xxx.xxx.xxx.xxx)
[29/Oct/2002 04:54:50 12423] [info]  Seeding PRNG with 1160 bytes of entropy
[29/Oct/2002 04:54:51 12424] [info]  Connection to child 3 established (server s

[29/Oct/2002 04:55:04 16133] [error] SSL handshake failed (server secure.sdu.org:443, client xxx.xxx.xxx.xxx) (OpenSSL library error follows)
[29/Oct/2002 04:55:04 16133] [error] OpenSSL: error:1406B458:lib(20):func(107):reason(1112)
[29/Oct/2002 04:55:05 12421] [info]  Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?]

Craig

Re: signs of SSL attack
« Reply #1 on: October 29, 2002, 02:51:25 PM »
I'm also getting quite a few of these which is worrying me as well.

What doesn't worry me, on the other hand, is the attempts to take control of my server by trying to run "c:\winnt\cmd.exe" or similar!

Craig

William Wong

Re: signs of SSL attack
« Reply #2 on: October 29, 2002, 06:58:59 PM »
Hi there,

I am the original poster, and FYI, I am running 5.1.2 with update3 installed. But I am still getting these unexplained messages (at least to me).

Perhaps I should try to look for the documentation about these errors.

Thanks

William
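
Added example, not part of any post in this thread: one way to tally an SSL engine log in the format of the excerpt in the first post, counting connections and failed handshakes per client and unpacking the OpenSSL error code into the lib/func/reason numbers printed beside it. The sample lines, host name, client addresses, function names and review threshold are constructed for illustration, and the code assumes the OpenSSL error line is logged by the same PID right after the failure line, as in the excerpt.

```python
import re
from collections import Counter

# Constructed sample in the excerpt's format; host and client addresses are placeholders.
SAMPLE = """\
[29/Oct/2002 04:54:49 12421] [info]  Connection to child 0 established (server www.example.org:443, client 192.0.2.10)
[29/Oct/2002 04:54:49 12421] [info]  Seeding PRNG with 1160 bytes of entropy
[29/Oct/2002 04:54:50 12422] [info]  Connection to child 1 established (server www.example.org:443, client 192.0.2.10)
[29/Oct/2002 04:55:04 16133] [error] SSL handshake failed (server www.example.org:443, client 198.51.100.7) (OpenSSL library error follows)
[29/Oct/2002 04:55:04 16133] [error] OpenSSL: error:1406B458:lib(20):func(107):reason(1112)
[29/Oct/2002 04:55:05 16133] [error] SSL handshake failed (server www.example.org:443, client 198.51.100.7) (OpenSSL library error follows)
[29/Oct/2002 04:55:05 16133] [error] OpenSSL: error:1406B458:lib(20):func(107):reason(1112)
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+?) (?P<pid>\d+)\] \[(?P<level>\w+)\]\s+(?P<msg>.*)$")
CLIENT = re.compile(r"client (?P<addr>[^)\s]+)\)")
OSSL = re.compile(r"OpenSSL: error:(?P<code>[0-9A-Fa-f]{8}):")

def unpack_openssl_error(code_hex):
    """Split the packed 32-bit code into the lib/func/reason numbers the log line also prints."""
    e = int(code_hex, 16)
    return {"lib": (e >> 24) & 0xFF, "func": (e >> 12) & 0xFFF, "reason": e & 0xFFF}

def summarize(text):
    """Return per-client connection counts, failed-handshake counts and (client, code) tallies."""
    connections, failures, codes = Counter(), Counter(), Counter()
    last_failed = {}  # pid -> client of that child's most recent failed handshake
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip truncated or wrapped lines rather than guessing at them
        msg, pid = m["msg"], m["pid"]
        c = CLIENT.search(msg)
        if msg.startswith("Connection to child") and c:
            connections[c["addr"]] += 1
        elif msg.startswith("SSL handshake failed") and c:
            failures[c["addr"]] += 1
            last_failed[pid] = c["addr"]
        elif (o := OSSL.search(msg)):
            codes[(last_failed.get(pid, "unknown"), o["code"].upper())] += 1
    return connections, failures, codes

def clients_over(failures, threshold):
    """Clients with at least `threshold` failed handshakes; the threshold is a local policy choice."""
    return sorted(c for c, n in failures.items() if n >= threshold)

if __name__ == "__main__":
    conns, fails, codes = summarize(SAMPLE)
    for (client, code), n in codes.items():
        print(client, code, unpack_openssl_error(code), "x", n)
    print("clients to review:", clients_over(fails, 2))
```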