Mike Cardwell | 1 Feb 19:22

Incomplete SSL negotiation information

My server has somehow found itself on the end of some strange
behaviour originating from the Pushdo botnet as described here:

http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100129

The infected hosts basically connect to the HTTPS port, send some
garbage and then disconnect without the SSL negotiation even being
completed. My error log is full of stuff like this:

[Mon Feb 01 18:19:37 2010] [error] unusably short session_id provided (1 bytes)

Annoyingly, for some reason Apache doesn't log the IP address in this
circumstance. Is there anything I can do with ModSecurity to gather more
information on this problem or to mitigate it somehow?

-- 
Mike Cardwell    : UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/       #06920226
Technical Blog   : Tech Blog  - https://secure.grepular.com/
Spamalyser       : Spam Tool  - http://spamalyser.com/

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
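
Since the error entries quoted in the message carry no client address, their timestamps are the only field that can be compared against other records. The following is an added example, not part of the original post: it pulls those entries out of an error log and counts them per minute. The sample log lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the error-log layout quoted in the post. The fourth
# entry is wrapped across two lines, as the entry in the post is.
SAMPLE_LOG = """\
[Mon Feb 01 18:19:37 2010] [error] unusably short session_id provided (1 bytes)
[Mon Feb 01 18:19:41 2010] [error] unusably short session_id provided (1 bytes)
[Mon Feb 01 18:19:58 2010] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Mon Feb 01 18:20:03 2010] [error] unusably short session_id provided (1
bytes)
[Mon Feb 01 18:21:15 2010] [notice] caught SIGTERM, shutting down
"""

# \s+ before "bytes" lets the pattern match an entry that was line-wrapped.
ENTRY = re.compile(
    r"\[(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})\] \[error\] "
    r"unusably short session_id provided \((?P<n>\d+)\s+bytes\)"
)


def short_session_id_events(log_text):
    """Return a (timestamp, session_id_length) pair for each matching entry."""
    events = []
    for m in ENTRY.finditer(log_text):
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        events.append((ts, int(m.group("n"))))
    return events


def per_minute(events):
    """Count matching entries per minute (seconds truncated)."""
    return Counter(ts.replace(second=0) for ts, _ in events)


def busy_minutes(events, threshold):
    """Return, in order, the minutes with at least `threshold` entries."""
    counts = per_minute(events)
    return sorted(minute for minute, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    found = short_session_id_events(SAMPLE_LOG)
    for minute, n in sorted(per_minute(found).items()):
        print(minute.strftime("%Y-%m-%d %H:%M"), n)
```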