FreeBSD Mail Archives

Date:      Fri, 2 Aug 2002 12:28:51 -0500
From:      D J Hawkey Jr <hawkeyd@visi.com>
To:        security at FreeBSD <freebsd-security@freebsd.org>
Subject:   Re: OpenSSL trojan: I seem to have post-install evidence?
Message-ID:  <20020802122851.A55094@sheol.localdomain>

next in thread | raw e-mail | index | archive | help


Earlier, I wrote:

----- Forwarded message from D J Hawkey Jr <hawkeyd@visi.com> -----

Hi All.

I need some help here. I 'csvup'd from RELENG_4_5 yesterday, and built and
installed the world, bringing my system to 4.5-RELEASE-15. I have since
seen the following in /var/log/security:

---8<---

Aug  2 10:27:15 sheol ipmon[70]: 10:27:15.792366 dc1 @1:13 b 216.196.144.24,1166 -> 208.42.101.192,6667 PR tcp len 20 48 -S IN
Aug  2 10:27:15 sheol ipmon[70]: 10:27:15.793415 dc1 @1:13 b 216.196.144.24,1167 -> 208.42.101.193,6667 PR tcp len 20 48 -S IN
Aug  2 10:27:18 sheol ipmon[70]: 10:27:18.702554 dc1 @1:13 b 216.196.144.24,1166 -> 208.42.101.192,6667 PR tcp len 20 48 -S IN
Aug  2 10:27:18 sheol ipmon[70]: 10:27:18.726508 dc1 @1:13 b 216.196.144.24,1167 -> 208.42.101.193,6667 PR tcp len 20 48 -S IN
Aug  2 10:27:24 sheol ipmon[70]: 10:27:24.710308 dc1 @1:13 b 216.196.144.24,1166 -> 208.42.101.192,6667 PR tcp len 20 48 -S IN
Aug  2 10:27:24 sheol ipmon[70]: 10:27:24.749498 dc1 @1:13 b 216.196.144.24,1167 -> 208.42.101.193,6667 PR tcp len 20 48 -S IN

--->8---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020802122851.A55094>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation