Date: Thu, 01 Apr 2004 16:30:37 -0600
From: "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To: Lorin Lund <llund@kleenmail.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: unknown tcp connections to dawsonmail.com
Message-ID: <406C980D.5050408@daleco.biz>
In-Reply-To: <2VFDE0PL3VXT1Z72YFDJFICJEUPMON.406c0e6a@portege>
References: <2VFDE0PL3VXT1Z72YFDJFICJEUPMON.406c0e6a@portege>

>At 06:44 PM 3/30/2004, Lorin Lund wrote:
>
>>I have freebsd 5.2 release running on my server.
>>I have apache2 and MySQL installed and running. No other
>>daemons to speak of. Yet my DSL router shows connections
>>to dawsonmail.com.
>>
>>Does anyone have any knowledge or ideas of what might be
>>going on? The DSL router does not show port info.
>>Just the outside domain name and the inside IP address.
>
>3/30/2004 8:35:26 PM, Chuck McManis <cmcmanis@mcmanis.com> wrote:
>
>>It's a bit confusing because you mention the DSL router and "my server" as
>>if they are two different machines. If they are, then are they the ONLY two
>>different machines behind the DSL router? Is it possible you have a Windoze
>>PC on your subnet somewhere? Seems that dawsonmail.com is a hostile web
>>site (it attempts to install adware) perhaps you have something connected
>>to it somewhere?
>>
>>--Chuck

] Lorin Lund wrote:
] Qwest is my phone company. When I signed up for DSL I opted for
] an external DSL connection. They supplied an ActionTec router/hub/modem.
] It has an HTML interface for configuration and it has a limited amount
] of traffic logging. The log shows the external domain and the internal
] IP address. There are several Windoze boxes and my FreeBSD box. The
] ActionTec does NAT. Anything that comes in that isn't a response to an
] outgoing packet would normally be dropped. But I have enabled an
] option to have all other traffic go to my FreeBSD box. I don't know if
] the log shows only outgoing traffic or if it includes unsolicited incoming
] stuff. If so the dawsonmail.com could be them probing me.
]
] But if they have managed somehow to get stuff into my FreeBSD system I want to
] find out how and to cut it off.

This last sentence is quite unlikely.
I'm not trying to poke fun at any person, especially you, but *if*
dawsonmail is an 'adware' outfit (and I'm taking Chuck's word on that),
they've got nothing on your FBSD box, unless you are browsing a site
that has one of their ads in its code.

Many Winblows installs are as full of holes as Swiss cheese. This isn't
to say that FreeBSD is necessarily more secure (although if we wanted to
attempt to prove this, evidence might well be sufficient, it's just that
I'm not crusading in the flame wars here). It is certain that adware,
spyware and virii/trojans coded for a Windows environment will not
execute on FreeBSD.

The chances are extremely high that one of the following is true:

a] A Windows machine on your LAN has adware/spyware on it.

b] A Windows machine on your LAN *had* adware/spyware on it, the remote
   site noted a static IP, and it is periodically "calling all cars...."

Were I a wagering individual, I'd lay my $$ on a].

I have hardly been on a Windows service call lately in which I've not
seen any adware/spyware, except maybe in my own home. My family members
are advised on pain of near-death not to install software from the
Internet ....

Kevin Kinsey
DaleCo, S.P.