Date: Fri, 14 Dec 2001 16:21:35 -0700
From: "Carlos Andrade" <carlos@rjstech.com>
To: <security@freebsd.org>
Subject: okay now I am worried
Message-ID: <000001c184f6$133d72e0$fa01a8c0@rjstech.com>
In-Reply-To: <bulk.96770.20010128124336@hub.freebsd.org>

The following has been in my log for a few days:

-x86 FreeBSD 4.2 machine (btw)
-logging in vain is turned on
-the only thing I am running is natd (gateway for our company) and very few ports are specifically left open
-I do not allow inside traffic to go in to the outside nic (and vice versa) to stop spoofing
-I specifically blocked ports 135, 139, 3389, 6667, 6668 cause nmap said that they were responding or open for some reason.

(date) /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:XXXX

where XXXX has been the following: 1389, 1396, 1523, 1530

sockstat -4 returns that the only thing open is natd

    user command pid fd proto local_add foreign_add
    ROOT natd    xxx 3  div4  *.8668    *.*
    ROOT natd    XXX 4  icm4  *.*       *.*

sockstat -6 returns nothing (since I am not running ip6)

sockstat -u returns: cron, syslogd and natd running

ps -auwx | sort | uniq returns buffdaemon, pagedaemon, swapper, syncer, my bash shell, init, natd, the tty terminals, adjkerntz, syslogd, cron, and ps

Reading up on the ports, udp 512 is biff, but I am not running any mail server. The only mail I get is generated by daily reports in cron.

So am I crazy or ?

----
Carlos A. Andrade
IS Manager
RJS Technologies
915.845.5228 ext 13
915.845.2119 fax
carlos@rjstech.com
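
Added example, not part of the original message: a small parser for the "Connection attempt to ..." kernel lines quoted above. It groups them by destination port and separates entries where both endpoints are loopback addresses from entries with a non-loopback source. The sample log, its timestamps, the hostname "gw" and the non-loopback addresses are constructed; the function name summarize is an assumption of this example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Message layout as quoted in the post; the same layout is assumed for TCP.
PATTERN = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)"
)

# Constructed sample: only the UDP 512 loopback lines mirror the post
# (source ports 1389, 1396, 1523, 1530); everything else is made up.
SAMPLE_LOG = """\
Dec 11 03:01:10 gw /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1389
Dec 11 03:01:12 gw /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1396
Dec 12 03:01:09 gw /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1523
Dec 12 03:01:11 gw /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1530
Dec 12 14:22:40 gw /kernel: Connection attempt to TCP 192.0.2.1:139 from 203.0.113.7:40211
Dec 12 14:30:00 gw cron[211]: unrelated line that must be skipped
"""

def summarize(log_text):
    """Map (origin, proto, dst port) -> list of source ports seen."""
    summary = defaultdict(list)
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if not m:
            continue  # not a connection-attempt message
        src, dst = ip_address(m["src"]), ip_address(m["dst"])
        # "loopback": both endpoints are in 127.0.0.0/8
        origin = "loopback" if src.is_loopback and dst.is_loopback else "network"
        key = (origin, m["proto"], int(m["dport"]))
        summary[key].append(int(m["sport"]))
    return dict(summary)

if __name__ == "__main__":
    for (origin, proto, dport), sports in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{origin:8} {proto} port {dport}: "
              f"{len(sports)} attempts, source ports {sports}")
```

Grouping this way keeps loopback-to-loopback entries, like the UDP 512 ones in the message, apart from attempts that arrived with a non-loopback source address.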