From owner-freebsd-questions  Thu Apr  4  8:16:25 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mail3.ucles.org.uk (mail3.ucles.org.uk [192.149.119.13])
	by hub.freebsd.org (Postfix) with ESMTP id 12B1B37B41A
	for <questions@freebsd.org>; Thu,  4 Apr 2002 08:16:17 -0800 (PST)
Received: from mail3.ucles.org.uk (unverified) by mail3.ucles.org.uk
 (Content Technologies SMTPRS 4.2.5) with ESMTP id <T5a0e6223df803c033211e@mail3.ucles.org.uk> for <questions@freebsd.org>;
 Thu, 4 Apr 2002 17:12:49 +0100
Received: by forest.nrl.navy.mil with Internet Mail Service (5.5.2653.19)
	id <HN43FFQV>; Thu, 4 Apr 2002 17:12:49 +0100
Message-ID: <0B0368CED76DD4118E1200D0B73E9B5D041E9FA5@MAIL1>
From: Mike Dewhirst <Dewhirst.M@UCLES.org.uk>
To: "'questions@freebsd.org'" <questions@freebsd.org>
Subject: have I been hacked?!
Date: Thu, 4 Apr 2002 17:13:15 +0100 
Importance: high
X-Priority: 1
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1DBF3.A001C150"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C1DBF3.A001C150
Content-Type: text/plain; charset="iso-8859-1"

I did a netscan of my box (which I;ve not done for 2-3 months or so) and
spotted this:

1505/tcp   open        funkproxy
4008/tcp   open        netcheque

I've never heard of either.

Has the system been compromised?

Any help would be extremely appreciated.

Mike


This message was written in plain text mode. 
Everything below the dotted line was not 
written by the author of this email. 
---------------------- 


=**********************************************************

If you are not the intended recipient, employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination or copying of this communication and its attachments is strictly prohibited.

If you have received this communication and its attachments in error, please return the original message and attachments to the sender using the reply facility on e-mail.

Internet communications are not secure and therefore the UCLES Group does not accept legal responsibility for the contents of this message.  Any views or opinions presented are solely those of the author and do not necessarily represent those of the UCLES Group unless otherwise specifically stated.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses although this does not guarantee that this email is virus free.

**********************************************************=


------_=_NextPart_001_01C1DBF3.A001C150
Content-Type: text/html; charset="iso-8859-1"

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>have I been hacked?!</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=2>I did a netscan of my box (which I;ve not done for 2-3 months or so) and spotted this:</FONT>
</P>

<P><FONT SIZE=2>1505/tcp&nbsp;&nbsp; open&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; funkproxy</FONT>
<BR><FONT SIZE=2>4008/tcp&nbsp;&nbsp; open&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; netcheque</FONT>
</P>

<P><FONT SIZE=2>I've never heard of either.</FONT>
</P>

<P><FONT SIZE=2>Has the system been compromised?</FONT>
</P>

<P><FONT SIZE=2>Any help would be extremely appreciated.</FONT>
</P>

<P><FONT SIZE=2>Mike</FONT>
</P>
<BR>

<P><FONT SIZE=2>This message was written in plain text mode. </FONT>
<BR><FONT SIZE=2>Everything below the dotted line was not </FONT>
<BR><FONT SIZE=2>written by the author of this email. </FONT>
<BR><FONT SIZE=2>---------------------- </FONT>
</P>

<CODE><FONT SIZE=3><BR>
<BR>
=**********************************************************<BR>
<BR>
If you are not the intended recipient, employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination or copying of this communication and its attachments is strictly prohibited.<BR>
<BR>
If you have received this communication and its attachments in error, please return the original message and attachments to the sender using the reply facility on e-mail.<BR>
<BR>
Internet communications are not secure and therefore the UCLES Group does not accept legal responsibility for the contents of this message.  Any views or opinions presented are solely those of the author and do not necessarily represent those of the UCLES Group unless otherwise specifically stated.<BR>
<BR>
This footnote also confirms that this email message has been swept by<BR>
MIMEsweeper for the presence of computer viruses although this does not guarantee that this email is virus free.<BR>
<BR>
**********************************************************=<BR>
</FONT></CODE>
</BODY>
</HTML>
------_=_NextPart_001_01C1DBF3.A001C150--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message