[Cod-bugs] [syssec-research-scans] Flooding our logs :(
Juraj Somorovsky
juraj.somorovsky at upb.de
Sun Jul 14 21:13:47 EEST 2024
Dear Saulius,
I am very sorry for this, our student had a technical incident, which
caused the large number of requests. We have been informed also by
another admin and stopped the scan on Thursday.
We will of course limit our our future scans as you described. If there
is any inconvencience in the future, let us know.
Best regards
Juraj
On 13.07.24 09:04, Saulius Gražulis wrote:
> Hi, folks,
>
> your connection makes multiple attempts to send SSL packets that our
> server deems incorrect, and these packets flood our logs:
>
>> Jul 10 05:02:28 xlists postfix/smtpd[24060]: warning: TLS library problem: error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../ssl/statem/statem_srvr.c:313:
>> Jul 10 05:02:28 xlists postfix/smtpd[24036]: warning: TLS library problem: error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../ssl/statem/statem_srvr.c:313:
>> Jul 10 05:02:28 xlists postfix/smtpd[24056]: warning: TLS library problem: error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../ssl/statem/statem_srvr.c:313:
>> Jul 10 05:02:28 xlists postfix/smtpd[24150]: warning: TLS library problem: error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message:../ssl/statem/statem_srvr.c:313:
>> Jul 10 05:02:30 xlists postfix/smtpd[24056]: improper command pipelining after EHLO from*tls-crawler3.cs.uni-paderborn.de*[131.234.28.60]: \027\003\003\000\f\r\nSTARTTLS\r\n
>> Jul 10 05:02:30 xlists postfix/smtpd[24078]: improper command pipelining after EHLO from tls-crawler3.cs.uni-paderborn.de[131.234.28.60]: \027\003\003\000\f\r\nSTARTTLS\r\n
>> Jul 10 05:02:30 xlists postfix/smtpd[24151]: improper command pipelining after EHLO from tls-crawler3.cs.uni-paderborn.de[131.234.28.60]: \027\003\003\000\f\r\nSTARTTLS\r\n
>> Jul 10 05:02:30 xlists postfix/smtpd[24067]: improper command pipelining after EHLO from tls-crawler3.cs.uni-paderborn.de[131.234.28.60]: \027\003\003\000\f\r\nSTARTTLS\r\n
>
> The log becomes about 23M for a single day :(
>
> Could you please limit your requests to a single IP to no more that
> 10-20 requests? Our server is "lists.crystallography.net" (158.129.170.77).
>
> Thank you for your understanding.
>
> Sincerely yours,
> Saulius
>
> --
> Dr. Saulius Gražulis
> Vilnius University Institute of Biotechnology, Saulėtekio al. 7
> LT-10257 Vilnius, Lietuva (Lithuania)
> fax: (+370-5)-2234367 / phone (office): (+370-5)-2234353
> mobile: (+370-684)-49802, (+370-614)-36366
>
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
--
Prof. Dr.-Ing.
Juraj Somorovsky
System Security
Dept. of Computer Science
Universität Paderborn
Institut für Informatik
Fürstenallee 11
D-33102 Paderborn
Office F2.315
Telephone +49 5251 60-6690
E-Mail juraj.somorovsky at upb.de
Web https://www.uni-paderborn.de/person/83504
Twitter https://twitter.com/jurajsomorovsky
https://www.instagram.com/uni_paderborn
https://www.facebook.com/unipaderborn
https://de.linkedin.com/school/uni-paderborn
https://twitter.com/unipb
https://www.youtube.com/user/upbvideo
More information about the Cod-bugs
mailing list