both my servers crashed

Ron Davis ron_davis at ftml.net
Sat Apr 23 13:54:33 UTC 2005 

Hello,

I run a Tor server (0.0.9.8) on Win98SE. I had similar error messages in
the past 12 hours. However, Tor seemed to be still running. I got the
following error message from Windows:

"Microsoft Visual C++ Debug Library
Debug Error
This application has requested the Runtime to terminate it in an unusual
way."

Here are the last error and warning messages from Tor:

Apr 23 12:51:03.960 [warn] connection_tls_finish_handshake(): Other side
(82.83.71.120:62411) has a cert without a valid nickname. Closing.
Apr 23 12:56:09.180 [warn] tor_tls_get_peer_cert_nickname(): Peer
certificate nickname has illegal characters.
Apr 23 12:56:09.180 [warn] connection_tls_finish_handshake(): Other side
(84.13.106.159:1626) has a cert without a valid nickname. Closing.
Apr 23 12:56:11.540 [err] _assert_no_tls_errors(): Unhandled OpenSSL
errors found at buffers.c:229:
Apr 23 12:56:11.540 [err] TLS error: too long (in asn1 encoding
routines:ASN1_gt_object)
Apr 23 12:56:11.540 [err] TLS error: bad object header (in asn1 encoding
routings:ASN1_CHECK_TLEN)
Apr 23 12:56:11.540 [err] TLS error: nested asn1 error (in asn1 encoding
routings:ASN1_D2I_EX_PRIMITIVE)
Apr 23 12:56:11.540 [err] TLS error: too long (in asn1 encoding
routines:ASN1_gt_object)
Apr 23 12:56:11.540 [err] TLS error: bad object header (in asn1 encoding
routins:ASN1_CHECK_TLEN)
Apr 23 12:56:11.540 [err] TLS error: nested asn1 error (in asn1 encoding
routings:ASN1_D2I_EX_PRIMITIVE)
Apr 23 12:56:11.540 [err] tortls.c:814: _assert_no_tls_errors: Assertion
0 failed; aborting.
tortls.c:814 _assert_no_tls_errors: Assertion 0 failed; aborting.

After the first Windows error message, I rebooted and found the
installer exe of the backdoor program FTPCentre.13.A on my system (
http://www.megasecurity.org/trojans/f/ftpcenter/Ftpcenter1.3.html ). 

I suspect that the instability of the system somehow opened it to an
intruder.

Regards,
Ron

On Sat, 23 Apr 2005 13:30:38 +0200, "Martin Balvers"
<m.balvers at addicts.nl> said:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> What happend to the network yesterday ?
> I have 2 servers and they both crashed with the following messages in
> the logfile.

--[snip]--
-- 
  Ron Davis
  ron_davis at ftml.net

More information about the tor-talk mailing list