Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: What I think is a DoS attack
Special Forums Cybersecurity What I think is a DoS attack Post 302389063 by ccj4467 on Friday 22nd of January 2010 12:41:04 PM
Old 01-22-2010
What I think is a DoS attack
About 3 days ago our Apache logs started filling with the following errors:
Code:
[Fri Jan 22 12:20:38 2010] [error] mod_ssl: SSL handshake failed (server <weberver>:443, client 41.235.234.172) (OpenSSL library error follows)
[Fri Jan 22 12:20:38 2010] [error] OpenSSL: error:1408A0B7:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers specified

These initially were happening at rate of about 3000 per minute and we started blocking IP addresses at our firewall. The rate has no dropped to about 500 per minute. The problem is the IP addresses are relatively random and we do not have the manpower to keep adding IP address continuely to the firewall ( in the last 24 hours there were over 100,000 individual IPs). We also are hesitant to block large IP ranges.

My question is:

Is there some kind tool that can be installed on our firewall that could catch these requests before they reach our webservers?

The firewall is an OpenBSD machine.

This problem has been affecting connectivity to our webservers.
 

6 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Bruteforce attack on my pc

since putting my pc online, it keeps getting slower and i dig the logfile to have such a surprise: this is just one of a many and I beleived it's a bruteforce attack how do i block this IP 200.41.81.228 from trying to knock my online pc? my system: FreeBSD testing.net 6.2-STABLE-JE... (6 Replies)
Discussion started by: rdns
6 Replies

2. Cybersecurity

Replay Attack

REPLAY ATTACK. Can some one elobrate on measures to encounter this problem of replay atack on network. (3 Replies)
Discussion started by: Ashvin Gaur
3 Replies

3. Linux

dos-path / un-dos-path compatibility with cygwin

Hello ; I have a problem running some script on dos . when i run : C: ls /temp ls: cannot access /temp: No such file or directory but when i run C: ls \temp windriver backup remotebackup also when i run C: ls temp windriver backup remotebackup The... (4 Replies)
Discussion started by: mulder20
4 Replies

4. Cybersecurity

Found attack from

Hi, I have a belkin router installed and a look at the security log has got me worried a little bit. Security log: Fri Jan 29 20:41:46 2010 =>Found attack from 68.147.232.199. Source port is 58591 and destination port is 12426 which use the TCP protocol. Fri Jan 29 20:41:46 2010 ... (1 Reply)
Discussion started by: jld
1 Replies

5. Cybersecurity

UUCP attack?

Is this an attack attempt? I got an e-mail from 'uucp Admin' last night and again this morning: What does it mean and what can I do about it? Thanks (4 Replies)
Discussion started by: ctafret
4 Replies

6. Emergency UNIX and Linux Support

DDOS attack please help!

Dear community, my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql. I identified the IPs who attack me and block it through iptable firewall from debian. Something like: iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP This... (7 Replies)
Discussion started by: Lord Spectre
7 Replies

LEARN ABOUT OPENDARWIN

ssl_connect

SSL_connect(3)							      OpenSSL							    SSL_connect(3)

NAME

       SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server

SYNOPSIS

	#include <openssl/ssl.h>

	int SSL_connect(SSL *ssl);

DESCRIPTION

       SSL_connect() initiates the TLS/SSL handshake with a server. The communication channel must already have been set and assigned to the ssl
       by setting an underlying BIO.

NOTES

       The behaviour of SSL_connect() depends on the underlying BIO.

       If the underlying BIO is blocking, SSL_connect() will only return once the handshake has been finished or an error occurred.

       If the underlying BIO is non-blocking, SSL_connect() will also return when the underlying BIO could not satisfy the needs of SSL_connect()
       to continue the handshake, indicating the problem by the return value -1.  In this case a call to SSL_get_error() with the return value of
       SSL_connect() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after taking appropri-
       ate action to satisfy the needs of SSL_connect().  The action depends on the underlying BIO. When using a non-blocking socket, nothing is
       to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written
       into or retrieved out of the BIO before being able to continue.

RETURN VALUES

       The following return values can occur:

       1   The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established.

       0   The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call
	   SSL_get_error() with the return value ret to find out the reason.

       <0  The TLS/SSL handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred.
	   The shutdown was not clean. It can also occur of action is need to continue the operation for non-blocking BIOs. Call SSL_get_error()
	   with the return value ret to find out the reason.

SEE ALSO

       SSL_get_error(3), SSL_accept(3), SSL_shutdown(3), ssl(3), bio(3), SSL_set_connect_state(3), SSL_do_handshake(3), SSL_CTX_new(3)

0.9.7d								    2003-11-20							    SSL_connect(3)
All times are GMT -4. The time now is 03:53 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy