Lost Entropy » security http://lostentropy.com Aaron B. Russell's personal blog Fri, 06 Jan 2012 02:54:46 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Certificate Assistant says certificate already exists http://lostentropy.com/2010/02/06/certificate-assistant-says-certificate-already-exists/ http://lostentropy.com/2010/02/06/certificate-assistant-says-certificate-already-exists/#comments Sat, 06 Feb 2010 01:08:57 +0000 Aaron B. Russell http://lostentropy.com/?p=2396 Continue reading ]]>


Just over a year ago, I created a bunch of SSL certs following the instructions here: http://www.devklog.net/2008/05/25/generating-ssl-certificates-that-will-make-firefox-3-happy/

I’m having some interesting problems creating a new certificate to replace an expired one.

When I created a new certificate (as a leaf of a self-signed CA cert), to replace the expired leaf, I got a message saying that the certificate already existed.

I backed up and then deleted the expired cert and tried again, to no avail.

I saw this old thread which seems related to the problems I’m having, but the solutions there didn’t help me (I’m already manually picking serial numbers in the format yyyymmddnn, where nn is the number of certificates I’ve created that day, and deleting the Certificate Authority folder from Application Support in my home library didn’t make a difference either).

Anyone else had similar trouble? How did you resolve it?

]]> http://lostentropy.com/2010/02/06/certificate-assistant-says-certificate-already-exists/feed/ 0 Strange POP3 traffic from Google? http://lostentropy.com/2009/04/12/strange-pop3-traffic-from-google/ http://lostentropy.com/2009/04/12/strange-pop3-traffic-from-google/#comments Sun, 12 Apr 2009 09:07:35 +0000 Aaron B. Russell http://lostentropy.com/?p=2308 Continue reading ]]>


I just read a daily email from Logwatch to find some very strange messages…

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.208, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.210, lip=my.ip.ad.dr: 3 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.211, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.212, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.213, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.214, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.216, lip=my.ip.ad.dr: 2 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.217, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.218, lip=my.ip.ad.dr: 2 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.219, lip=my.ip.ad.dr: 2 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.220, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.221, lip=my.ip.ad.dr: 4 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.225, lip=my.ip.ad.dr: 3 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.227, lip=my.ip.ad.dr: 3 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.228, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.232, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.234, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.235, lip=my.ip.ad.dr: 2 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.236, lip=my.ip.ad.dr: 5 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.237, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.238, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.239, lip=my.ip.ad.dr: 2 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.240, lip=my.ip.ad.dr: 2 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.241, lip=my.ip.ad.dr: 2 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.244, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.245, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.246, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.248, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.249, lip=my.ip.ad.dr: 1 Time(s)

dovecot: pop3-login: Disconnected (no auth attempts): rip=209.85.198.251, lip=my.ip.ad.dr: 1 Time(s)

Okay, so let’s list the strange events here:

  • A whole bunch of sequential IPs are connecting to my POP3 port (not necessarily in order, perhaps Logwatch is just picking them out that way)
  • The remote machines are connecting, but not even attempting to authenticate (log in), they’re just disconnecting
  • The IP range is apparently owned by Google

So… what’s going on here, exactly? Anyone able to shed some light onto this?

]]> http://lostentropy.com/2009/04/12/strange-pop3-traffic-from-google/feed/ 4