Starting last Thursday, we started to see one of our webservers
become unresponsive for about 10 minutes...it seemed to be correlated
with what appeared to be a slapper/OpenSSL worm attack. We are
not vulnerable to the worm but the attack seemed to use up some
resources (not CPU) that prevented apache from answering more requests.
Note that it corrects itself after 10 minutes or so without manual
intervention.
Here's the ouput of our Server: header.
Server: Apache/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6g mod_jk
The error in the logs is:
[Thu Sep 26 20:55:18 2002] [error] OpenSSL: error:1406B458:SSL
routines:GET_CLIENT_MASTER_KEY:key arg too long
There also are a lot of errors like this that start at the same time:
[Thu Sep 26 20:49:36 2002] [error] mod_ssl: Child could not open SSLMutex lockfile
/usr/local/apache/logs/ssl_mutex.22003 (System error follows)
And sure enough the mutex file on that server is gone. It comes
back on restart...but what the heck is going on here? Anyone having
similar issues?
This is driving me crazy as this is on our production servers and
I'm not going to get a wink of sleep tonight unless I figure out
how to stop it....
___________________________________________________________________
P a u l
[EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
