Date: Tue, 17 Jun 2003 21:50:36 -0400 From: Jaime <jaime@snowmoon.com> To: Bill Moran <wmoran@potentialtech.com> Cc: freebsd-questions@freebsd.org Subject: Re: ping: sendto: No buffer space available Message-ID: <4195050A-A12F-11D7-8F3A-000393193538@snowmoon.com> In-Reply-To: <3EEFC22E.3040105@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday, June 17, 2003, at 09:36 PM, Bill Moran wrote: > I found a web page that claims that nscd is a Debian program called > "name service cache daemon". (Cache only DNS server?) So if it's > connecting > to any port other than DNS, it's probably a trojan pretending to be > nscd. I think that I found the same page. I agree with your assessment. The IP address that it is attempting to connect to is not found via traceroute and is registered to what appears to be a Russian ISP. How odd.... I'll be grabbing new source code and recompiling everything tomorrow. The box was running 4.7-Stable anyway. :) The troubling part is that the process claims to be /usr/sbin/nscd, but that file doesn't exist. I'll have to see how they did that with lsof, mergemaster, etc. Jaime
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4195050A-A12F-11D7-8F3A-000393193538>