> So, say you have a server which listens on both port 443 for SSL
> and 80 for HTTP, does access on port 80 get blocked at the same
> time as access on port 443 gets blocked.

Yes. Not 'blocked' -- TCP connects happen, but the server doesn't reply for
up to the Timeout period. If you telnet to it by hand during the attack you
can wait for 3 minutes and get the response.

FYI, in the ssl_error_log you get multiples of these:

[15/Dec/2002 13:23:18 28357] [error] SSL handshake failed (server synergy.isite.net:443, client 61.133.84.147) (OpenSSL library error follows)
[15/Dec/2002 13:23:18 28357] [error] OpenSSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol [Hint: speaking not SSL to HTTPS port!?]

Only 1 or sometimes 2 per site. In the main error log you get

[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:18 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:19 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:19 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:19 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:19 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:19 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:19 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:19 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:21 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:21 2002] [info] [client 61.133.84.147] read request line timed out
[Sun Dec 15 13:23:21 2002] [info] [client 61.133.84.147] read request line timed out

Note that these servers are all very lightly loaded. They normally only
clear 3% utilization during backups. We had these exact same symptoms on a
server we had just put into production, which had only a single live site
(with no content yet!) on it.

This isn't a blast-DoS, as the total requests are identical with the number
of sites on each server plus normal traffic.

-- 
Joe Rhett
Chief Geek
[EMAIL PROTECTED]
ISite Services, Inc.
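
An added example, not part of the original message: a detection sketch that parses the two log formats quoted above, flags clients whose "read request line timed out" entries cluster in time, and notes whether the same client also failed an SSL handshake nearby. The function names, the thresholds (5 timeouts within 5 seconds) and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# (pattern, timestamp format) for the two log formats quoted in the message.
TIMEOUT = (re.compile(r"^\[([^\]]+)\] \[info\] \[client ([^\]]+)\] read request line timed out"),
           "%a %b %d %H:%M:%S %Y")
HANDSHAKE = (re.compile(r"^\[(\S+ \S+) \d+\] \[error\] SSL handshake failed "
                        r"\(server [^,]+, client ([^)]+)\)"),
             "%d/%b/%Y %H:%M:%S")

def parse(log_text, spec):
    """Return {client_ip: sorted [datetime, ...]} for lines matching spec."""
    pattern, ts_format = spec
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = pattern.match(line.strip())
        if m:
            hits[m.group(2)].append(datetime.strptime(m.group(1), ts_format))
    return {ip: sorted(stamps) for ip, stamps in hits.items()}

def largest_burst(stamps, window):
    """Most events inside any span of length `window` (stamps must be sorted)."""
    best = start = 0
    for end, stamp in enumerate(stamps):
        while stamp - stamps[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def find_stalled_clients(error_log, ssl_log, min_timeouts=5, window=timedelta(seconds=5)):
    """Flag clients whose request-line timeouts cluster, noting any that also
    failed an SSL handshake (plain text sent to the HTTPS port) close in time."""
    handshakes = parse(ssl_log, HANDSHAKE)
    findings = []
    for ip, stamps in parse(error_log, TIMEOUT).items():
        burst = largest_burst(stamps, window)
        if burst >= min_timeouts:
            near = any(abs(h - s) <= window for h in handshakes.get(ip, []) for s in stamps)
            findings.append({"client": ip, "timeouts": burst, "plain_text_on_https": near})
    return findings

# Constructed sample data (documentation addresses, not taken from the message).
ERROR_LOG = "\n".join(
    ["[Sun Dec 15 13:23:18 2002] [info] [client 192.0.2.10] read request line timed out"] * 6
    + ["[Sun Dec 15 13:23:19 2002] [info] [client 192.0.2.10] read request line timed out"] * 2
    + ["[Sun Dec 15 13:40:02 2002] [info] [client 198.51.100.7] read request line timed out"])
SSL_LOG = ("[15/Dec/2002 13:23:18 28357] [error] SSL handshake failed "
           "(server www.example.com:443, client 192.0.2.10) (OpenSSL library error follows)")

if __name__ == "__main__":
    for finding in find_stalled_clients(ERROR_LOG, SSL_LOG):
        print(finding)
```

Because the timeout entries are written when the Timeout period expires, the connections themselves were opened that long before the logged timestamps.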