The last days we had some trouble with a script-kiddie: Looks like this kid wrote a script which permanently (at least every second) tried to connect to port 5223 of our Jabber-Server (1.4.2) without having a real ssl-client at his side.
This caused a huge number of log-entries (after enabling debugging): mio_ssl.c:238 SSL accepting socket with new session 82aeb48 mio_ssl.c:256 Error from SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol mio_ssl.c:257 SSL Error in SSL_accept call After some time this caused our main jabberd to hang - only a restart of jabberd after inserting a DROP-Rule for the kiddies IP into our iptables-ruleset brought jabberd back into stable working. At the moment I've no idea how to prevent jabberd of looping endless/too soon through mio_ssl in such a case, perhaps the heartbeat-monitor could help us here but I don't know how. Please correct me if you think that there's a possible misconfiguration at our side so I can post the relevant parts of our conf-files. BTW, is there a simple way to see which current user comes from which IP? netstat at this point is only partially helpful. TIA, Martin -- Express-Kommunikation mit Jabber: JabberID: [EMAIL PROTECTED] _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
