Date:      Sat, 21 Mar 2015 13:30:03 -0400
From:      The Lost Admin <thelostadmin@gmail.com>
To:        Ernie Luzar <luzar722@gmail.com>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: 10.0 system issuing outbound packets to port 25 smtp to 66.96.214.197
Message-ID:  <07DB6EB0-0E43-4E21-BBEC-101AA034C8EA@gmail.com>
In-Reply-To: <550DAA1A.50002@gmail.com>
References:  <550D8B0E.2020406@gmail.com> <1B9D189E-4FD6-495D-8381-E0E3CFF5A2A2@gmail.com> <550DAA1A.50002@gmail.com>


The Lost Admin
thelostadmin@gmail.com



On Mar 21, 2015, at 1:27 PM, Ernie Luzar <luzar722@gmail.com> wrote:

>
>> On Mar 21, 2015, at 11:15 AM, Ernie Luzar <luzar722@gmail.com> wrote:
>>> My ipfilter firewall logs 2 outbound packets on port 25 every 70 minutes.  There is no LAN behind this box so it must be coming from the
>>> freebsd 10.0 system or from one of the official installed ports I have.
>>> Sendmail is disabled and postfix is running in its place.
>>>
>>> 66.96.214.197,25 tcp is the target public ip address.
>>>
>>> How should I go about finding the running task that is doing this???
>>
> > The Lost Admin wrote:
> > Ernie,
> >
> > Did you do an nslookup on the address in question? I did and it is
> > listed as part of the hostnoc.net domain.
> > Googling that domain gets some pretty fishy results in the top 10.
> >
> > The Lost Admin
> > thelostadmin@gmail.com
> >
> >
>
> The nslookup command has been removed from the base as it's obsolete.
> So how did you issue that command?

I'm still on 9.3 BUT you've also got the host and dig commands instead of nslookup.

> whois command says it belongs to Arabsgate
>
> My original question deals with "why is 10.1 issuing these port 25 packets"?  Is my 10.1 system compromised??
>
>
>
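The thread's original question (which local process is opening these port 25 connections) is answered on FreeBSD with sockstat(1); the script below is an added example of doing that, not code posted by anyone in the thread. It assumes sockstat's usual column layout (USER COMMAND PID FD PROTO LOCAL FOREIGN), and the sample output embedded in it is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: map a connection seen in the firewall log
# (here the 66.96.214.197:25 endpoint from the original question) back to the
# local process that owns it, using sockstat(1). Assumes FreeBSD's sockstat
# column layout: USER COMMAND PID FD PROTO "LOCAL ADDRESS" "FOREIGN ADDRESS".

# Print "USER COMMAND PID" for each socket in sockstat output ($1, a file or
# "-" for stdin) whose foreign endpoint equals $2 (host:port). The header line
# is skipped (NR > 1) because its two-word column names shift the field count.
match_foreign() {
    awk -v target="$2" 'NR > 1 && $7 == target { print $1, $2, $3 }' "$1"
}

# Poll the live socket table until the endpoint shows up, then report the owner.
# Two packets per event suggests a very short connection, so poll tightly and
# start the watch just before the next 70-minute mark seen in the ipfilter
# log; a connection that opens and closes between two polls is missed.
watch_for() {
    target=$1
    interval=${2:-1}
    while :; do
        owner=$(sockstat -4 -c -P tcp | match_foreign - "$target")
        if [ -n "$owner" ]; then
            printf '%s\n' "$owner"
            return 0
        fi
        sleep "$interval"
    done
}

# Constructed sockstat output for an offline run; the process in the matching
# row is arbitrary and stands in for whatever the real system would show.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   192.0.2.10:22         198.51.100.5:51234
nobody   example    1234  9  tcp4   192.0.2.10:43211      66.96.214.197:25
root     syslogd    540   7  udp4   *:514                 *:*
EOF
}

# Offline demonstration: sample_sockstat | match_foreign - 66.96.214.197:25
# On the box itself:     watch_for 66.96.214.197:25
```

Once the PID is known, `ps -o user,pid,ppid,command -p PID` and the parent chain tell you whether it is a mail agent draining a queue, a periodic job, or something that does not belong on the box.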