Uhhhhhhh last time I checked bugbear was a virus infecting M$ Lookout users. Don't think it runs against Linux.
At 20:51 5-10-02 -0400, [EMAIL PROTECTED] wrote:
>Is this the right place to ask questions about the bugbear worm?
>
>On a Sun box, we upgraded openssl to 0.9.6g because of the potential
>for the whole bugbear attack... I realize it's apparently targeted
>at linux, but better safe than sorry... well, we've started getting
>hit with what we think may be attacks... they're not getting through,
>but they cause apache to lock up... it's very strange... the situation
>seems to happen as follows:
>
>We get a couple http requests that return a "400" status... then the
>server stops serving requests... then EXACTLY (every time) 5 minutes
>later, to the second, we get a request that gives a 408 error from
>the same IP, then apache needs to be restarted before it accepts any
>further requests...
>
>until this morning, there has not been much information in the logs...
>but this morning, there were some entries in the ssl_engine_log that
>looked like this:
>
>[05/Oct/2002 02:55:42 00969] [error] SSL handshake timed out (client
>66.46.213.130, server XXX.XXX.com:443)
>[05/Oct/2002 02:55:42 00969] [info] Connection to child 14 established
>(server YYY.YYY.com:443, client 66.46.213.130)
>[05/Oct/2002 02:55:42 00969] [info] Seeding PRNG with 1160 bytes of entropy
>[05/Oct/2002 02:55:42 00969] [error] SSL handshake failed (server
>YYY.YYY.com:443, client 66.46.213.130) (OpenSSL library error follows)
>[05/Oct/2002 02:55:42 00969] [error] OpenSSL: error:1406B458:SSL
>routines:GET_CLIENT_MASTER_KEY:key arg too long
>[05/Oct/2002 02:55:42 00969] [info] Connection to child 14 established
>(server XXX.XXX.com:443, client 66.46.213.130)
>[05/Oct/2002 02:55:42 00969] [info] Seeding PRNG with 1160 bytes of entropy
>
>66.46.213.130 was the ip address that gave the 400's and 408 this
>time around (different IP each time)...
>
>If this is not the best place to ask about this, please point me in
>the right direction... I'm starting to sweat with my boss breathing
>down my neck... this is a 24/7 production server, running critical
>web applications that internal and external customers access
>constantly... so any help towards an answer would be greatly
>appreciated...
>
>Thanks.
>Dan.
>
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
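
Added example (not part of the original thread): a small Python pass over ssl_engine_log that attributes each OpenSSL library error to the client whose handshake failed in the same child process, so the clients triggering the `key arg too long` rejection quoted above can be listed. The first five log lines are unwrapped from the quoted excerpt; the 192.0.2.7 entries and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Lines 1-5 are unwrapped from the quoted ssl_engine_log excerpt; the last
# three (client 192.0.2.7) are constructed to show a client that is not flagged.
SAMPLE_LOG = """\
[05/Oct/2002 02:55:42 00969] [error] SSL handshake timed out (client 66.46.213.130, server XXX.XXX.com:443)
[05/Oct/2002 02:55:42 00969] [info] Connection to child 14 established (server YYY.YYY.com:443, client 66.46.213.130)
[05/Oct/2002 02:55:42 00969] [info] Seeding PRNG with 1160 bytes of entropy
[05/Oct/2002 02:55:42 00969] [error] SSL handshake failed (server YYY.YYY.com:443, client 66.46.213.130) (OpenSSL library error follows)
[05/Oct/2002 02:55:42 00969] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long
[05/Oct/2002 03:10:05 00970] [info] Connection to child 3 established (server XXX.XXX.com:443, client 192.0.2.7)
[05/Oct/2002 03:10:05 00970] [info] Seeding PRNG with 1160 bytes of entropy
[05/Oct/2002 03:10:09 00970] [error] SSL handshake timed out (client 192.0.2.7, server XXX.XXX.com:443)
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+?) (?P<pid>\d+)\] \[(?P<level>\w+)\]\s+(?P<msg>.*)$")
CLIENT = re.compile(r"\bclient (\d{1,3}(?:\.\d{1,3}){3})")
LIB_ERR = re.compile(r"^OpenSSL: error:(?P<code>[0-9A-Fa-f]{8}):")

def summarize(log_text):
    """Per-client counts of handshake timeouts, failures and OpenSSL error codes."""
    stats = defaultdict(lambda: {"timeouts": 0, "failed": 0, "errors": defaultdict(int)})
    pending = {}  # pid -> client whose "handshake failed" line awaits its library error
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        lib = LIB_ERR.match(msg)
        if lib:
            # The library error line names no client: take it from the
            # preceding "handshake failed" line logged by the same pid.
            if pid in pending:
                stats[pending[pid]]["errors"][lib["code"].upper()] += 1
            continue
        pending.pop(pid, None)  # any other line ends the error stack for this pid
        c = CLIENT.search(msg)
        if not c:
            continue
        ip = c.group(1)
        if msg.startswith("SSL handshake timed out"):
            stats[ip]["timeouts"] += 1
        elif msg.startswith("SSL handshake failed"):
            stats[ip]["failed"] += 1
            if "OpenSSL library error follows" in msg:
                pending[pid] = ip
    return stats

def flag_clients(stats, code="1406B458"):
    """Clients whose handshake was rejected with the given OpenSSL error code."""
    return sorted(ip for ip, s in stats.items() if s["errors"].get(code))
```

Running `flag_clients(summarize(open(path).read()))` over the real log gives the addresses to compare against the 400 and 408 entries in the access log.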