From: "Kevin D. Kinsey, DaleCo, S.P."
Date: Thu, 01 Apr 2004 16:30:37 -0600
To: Lorin Lund
cc: Chuck McManis
cc: freebsd-questions@freebsd.org
Subject: Re: unknown tcp connections to dawsonmail.com

> At 06:44 PM 3/30/2004, Lorin Lund wrote:
>
>> I have freebsd 5.2 release running on my server.
>> I have apache2 and MySQL installed and running. No other
>> daemons to speak of. Yet my DSL router shows connections
>> to dawsonmail.com.
>>
>> Does anyone have any knowledge or ideas of what might be
>> going on? The DSL router does not show port info.
>> Just the outside domain name and the inside IP address.
>
> 3/30/2004 8:35:26 PM, Chuck McManis wrote:
>
>> It's a bit confusing because you mention the DSL router and "my server" as
>> if they are two different machines. If they are, then are they the ONLY two
>> different machines behind the DSL router? Is it possible you have a Windoze
>> PC on your subnet somewhere? Seems that dawsonmail.com is a hostile web
>> site (it attempts to install adware); perhaps you have something connected
>> to it somewhere?
>>
>> --Chuck
]
] Lorin Lund wrote:
] Qwest is my phone company. When I signed up for DSL I opted for
] an external DSL connection. They supplied an ActionTec router/hub/modem.
] It has an HTML interface for configuration and it has a limited amount
] of traffic logging. The log shows the external domain and the internal
] IP address. There are several Windoze boxes and my FreeBSD box. The
] ActionTec does NAT. Anything that comes in that isn't a response to an
] outgoing packet would normally be dropped. But I have enabled an
] option to have all other traffic go to my FreeBSD box. I don't know if
] the log shows only outgoing traffic or if it includes unsolicited incoming
] stuff. If so the dawsonmail.com could be them probing me.
]
] But if they have managed somehow to get stuff into my FreeBSD system I want to
] find out how and to cut it off.

This last sentence is quite unlikely. I'm not trying to poke fun at any
person, especially you, but *if* dawsonmail is an 'adware' outfit (and I'm
taking Chuck's word on that), they've got nothing on your FBSD box, unless
you are browsing a site that has one of their ads in its code.

Many Winblows installs are as full of holes as Swiss cheese. This isn't to
say that FreeBSD is necessarily more secure (although if we wanted to
attempt to prove this, evidence might well be sufficient; it's just that
I'm not crusading in the flame wars here). It is certain that adware,
spyware and virii/trojans coded for a Windows environment will not execute
on FreeBSD.

The chances are extremely high that one of the following is true:

a] A Windows machine on your LAN has adware/spyware on it.

b] A Windows machine on your LAN *had* adware/spyware on it, the remote
   site noted a static IP, and it is periodically "calling all cars...."

Were I a wagering individual, I'd lay my $$ on a]. I have hardly been on a
Windows service call lately in which I've not seen any adware/spyware,
except maybe in my own home. My family members are advised on pain of
near-death not to install software from the Internet ....

Kevin Kinsey
DaleCo, S.P.
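An added example, not code from any message in this thread nor from FreeBSD, of the two checks that settle the question Lorin and Kevin are arguing about: which LAN host the router actually saw talking to dawsonmail.com, and whether any process on the FreeBSD box owns a socket to that peer. The ActionTec's real log format is not shown in the thread, so the router-log lines below are constructed in an assumed "<date> <time> <internal ip> <external name>" layout; the sockstat lines are constructed in the column layout of FreeBSD's sockstat(1). The addresses 192.168.0.x and 192.0.2.10 are placeholders (dawsonmail.com's real address is not on the page).

```sh
#!/bin/sh
# Added example; not code from the thread or from FreeBSD.
# Check 1: which LAN host did the router log talking to the domain?
# Check 2: does any process on the FreeBSD box own a socket to that peer?
#
# Assumptions: SAMPLE_LOG is a constructed router log in the layout
# "<date> <time> <internal ip> <external name>" (the ActionTec's real format
# is unknown).  SAMPLE_SOCKSTAT is constructed in the column layout of
# FreeBSD's sockstat(1): USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS.

# Constructed router-log lines; 192.168.0.2 plays the FreeBSD box, the
# other internal addresses play the Windows PCs.
SAMPLE_LOG='2004-04-01 16:30:37 192.168.0.12 dawsonmail.com
2004-04-01 16:31:02 192.168.0.12 dawsonmail.com
2004-04-01 16:31:15 192.168.0.2 freebsd.org
2004-04-01 16:32:40 192.168.0.7 dawsonmail.com'

# Constructed `sockstat -4` output from the FreeBSD box (apache + mysql + sshd).
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   4  tcp4   *:22                  *:*
www      httpd      701   3  tcp4   192.168.0.2:80        192.168.0.12:4561
mysql    mysqld     655   10 tcp4   127.0.0.1:3306        *:*
root     sshd       890   5  tcp4   192.168.0.2:22        192.168.0.12:4570'

# lan_hosts_for NAME: read router-log lines on stdin and print
# "<internal ip> <count>" for every LAN host logged talking to NAME.
# A hit on a Windows PC's address and none on the FreeBSD box is the
# outcome Kevin predicts (his case a] or b]).
lan_hosts_for() {
    awk -v name="$1" '$4 == name { n[$3]++ } END { for (h in n) print h, n[h] }' | sort
}

# peer_procs HOST: read sockstat output on stdin and print
# "USER COMMAND PID FOREIGN" for every IPv4 socket whose foreign address
# is HOST.  Empty output means no process on this box talks to HOST.
peer_procs() {
    awk -v host="$1" '
        NR == 1 { next }               # header line
        $5 !~ /4$/ { next }            # tcp4/udp4 only; IPv6 has more colons
        {
            peer = $7                  # FOREIGN ADDRESS is ip:port or *:*
            sub(/:[^:]*$/, "", peer)   # drop the :port suffix
            if (peer == host) print $1, $2, $3, $7
        }'
}

# Stand-alone demonstration on the constructed samples.  On the live box the
# second check is:   sockstat -4 | peer_procs <address of dawsonmail.com>
echo "LAN hosts the router logged talking to dawsonmail.com:"
printf '%s\n' "$SAMPLE_LOG" | lan_hosts_for dawsonmail.com
echo "Processes on the FreeBSD box with a socket to 192.168.0.12:"
printf '%s\n' "$SAMPLE_SOCKSTAT" | peer_procs 192.168.0.12
echo "Processes on the FreeBSD box with a socket to 192.0.2.10 (expect none):"
printf '%s\n' "$SAMPLE_SOCKSTAT" | peer_procs 192.0.2.10
```

If the first check names a Windows PC's internal address rather than the FreeBSD box, the router log alone already answers the question; `netstat -ano` on a Windows XP machine then maps the connection to a PID the same way `sockstat` does on FreeBSD. If the router log only ever shows dawsonmail.com against the FreeBSD box's address, run the second check on that box and, if it comes back empty, remember that Lorin has the ActionTec forwarding all unsolicited inbound traffic there, so the entry may be an inbound probe rather than an outbound connection.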