I think you ([EMAIL PROTECTED]) are confusing "bugbear" with "slapper". Provided you restarted your web server after the upgrade to 0.9.6g, you should be OK as far as that is concerned. The restart is necessary to ensure that no code from the previous version of openssl is still in memory.
Could you give some more details about your other problems please? eg, version of apache and mod_ssl? You may need to upgrade these. For example, there is a recent update to apache (1.3.27) that contains several "new" security fixes. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Theories of evolution are like buses - there'll be another one along in a minute > -----Original Message----- > From: B. van Ouwerkerk [mailto:[EMAIL PROTECTED]] > Sent: 07 October 2002 17:17 > To: [EMAIL PROTECTED] > Subject: Re: apache and that whole "bugbear" thing > > > Uhhhhhhh last time I checked bugbear was a virus infecting M$ > Lookout users. > Don't think it runs against Linux. > > > At 20:51 5-10-02 -0400, [EMAIL PROTECTED] wrote: > > >Is this the right place to ask questions about the bugbear worm? > > > >On a Sun box, we upgraded openssl to 0.9.6g because of the potential > >for the whole bugbear attack... I realize it's apparently targeted > >at linux, but better safe then sorry... well, we've started getting > >hit with what we think may be attacks... they're not getting through, > >but they cause apache to lock up... it's very strange... the > situation > >seems to happen as follows: > > > >We get a couple http requests that return a "400" status... then the > >server stops serving requests... then EXACTLY (every time) 5 minutes > >later, to the second, we get a request that gives a 408 error from > >the same IP, then apache needs to be restarted before it accepts any > >further requests... > > > >until this morning, there has not been much information in > the logs... > >but this morning, there were some entries in the ssl_engine_log that > >looked like this: > > > >[05/Oct/2002 02:55:42 00969] [error] SSL handshake timed out (client > >66.46.213.130, server XXX.XXX.com:443) > >[05/Oct/2002 02:55:42 00969] [info] Connection to child 14 > established > >(server YYY.YYY.com:443, client 66.46.213.130) > >[05/Oct/2002 02:55:42 00969] [info] Seeding PRNG with 1160 > bytes of entropy > >[05/Oct/2002 02:55:42 00969] [error] SSL handshake failed (server > >YYY.YYY.com:443, client 66.46.213.130) (OpenSSL library > error follows) > >[05/Oct/2002 02:55:42 00969] [error] OpenSSL: error:1406B458:SSL > >routines:GET_CLIENT_MASTER_KEY:key arg too long > >[05/Oct/2002 02:55:42 00969] [info] Connection to child 14 > established > >(server XXX.XXX.com:443, client 66.46.213.130) > >[05/Oct/2002 02:55:42 00969] [info] Seeding PRNG with 1160 > bytes of entropy > > > >66.46.213.130 was the ip address that gave the 400's and 408 this > >time around (different IP each time)... > > > >If this is not the best place to ask about this, please point me in > >the right direction... I'm starting to sweat with my boss breathing > >down my next... this is a 24/7 production server, running critical > >web applications that internal and external customers access > >constantly... so any help towards an answer would be greatly > >appreciated... > > > >Thanks. > >Dan. > > > > > >_____________________________________________________________ > _________ > >OpenSSL Project > http://www.openssl.org > >User Support Mailing List > [EMAIL PROTECTED] > >Automated List Manager > [EMAIL PROTECTED] > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
