Date: Thu, 15 Apr 2010 07:45:53 +0200
From: Erik Norgaard <norgaard@locolomo.org>
To: freebsd-questions@freebsd.org
Subject: Re: hacked?
Message-ID: <4BC6A811.90402@locolomo.org>
In-Reply-To: <x2k539c60b91004141556u10ba49bfsd11cc069e5ef791f@mail.gmail.com>
References: <x2k539c60b91004141556u10ba49bfsd11cc069e5ef791f@mail.gmail.com>

On 15/04/10 00:56, Steve Franks wrote:
> I don't have bsdstats or similar that I'm aware of installed, so this
> smells bad:
>
> Firewall is showing repeated attempts from your FreeBSD machine to
> connect to port 25 (standard SMTP mail port) on a server in Belgium. This
> implies something on your system is trying to send mail out.

Whose firewall? Is this above snip from some notice you have received
from a third party claiming you are attempting to connect to their
server? Who's the one notifying you? The owner of the server or network
receiving these connections? Or your LAN Lord?

> [14/Apr/2010 15:11:09] DROP "SMTP Deny" packet from Local Area
> Connection - LAN, proto:TCP, len:48, ip/port:192.168.1.38:17343 ->
> 81.247.120.78:25, flags: SYN , seq:43473770 ack:0, win:65535, tcplen:0

192.168.1.38 - is that you? always?

> Where would I start sniffing around as far as what got put on my box?

How about

ps ax
sockstat -4

Erik

-- 
Erik Nørgaard
Ph: +34.666334818/+34.915211157
http://www.locolomo.org
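
The `sockstat -4` check suggested above, as an added example that is not part of the original message: it filters sockstat output for sockets connecting out to port 25 and ties the source ip:port from the quoted firewall line to the owning process. The sockstat rows, user names, process names and PIDs are constructed sample data; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. SAMPLE_SOCKSTAT is constructed output in the column layout of
# FreeBSD `sockstat -4`; only 192.168.1.38:17343 -> 81.247.120.78:25 is taken
# from the firewall log quoted in the thread.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   702   4  tcp4   127.0.0.1:25          *:*
steve    firefox    1432  45 tcp4   192.168.1.38:51022    192.0.2.10:80
nobody   perl       2290  3  tcp4   192.168.1.38:17343    81.247.120.78:25'

# The firewall line from the thread, joined back onto one line.
FW_LOG='[14/Apr/2010 15:11:09] DROP "SMTP Deny" packet from Local Area Connection - LAN, proto:TCP, len:48, ip/port:192.168.1.38:17343 -> 81.247.120.78:25, flags: SYN , seq:43473770 ack:0, win:65535, tcplen:0'

# Print "user command pid local foreign" for every socket whose FOREIGN
# ADDRESS ends in the given port (default 25). Reads sockstat -4 on stdin.
# A local listener on port 25 (field 6) is deliberately not matched.
outbound_to_port() {
    awk -v port="${1:-25}" '
        NR == 1 && $1 == "USER" { next }      # skip the header row
        NF >= 7 {
            n = split($7, parts, ":")         # foreign address is field 7
            if (parts[n] == port) print $1, $2, $3, $6, $7
        }'
}

# Extract the source ip:port from a firewall line shaped like the one above.
fw_source() {
    printf '%s\n' "$1" | sed -n 's/.*ip\/port:\([0-9.]*:[0-9]*\) ->.*/\1/p'
}

# Print "user command pid" for the socket bound to local ip:port ($1).
# Reads sockstat -4 on stdin; prints nothing if this host has no such socket.
owner_of_local() {
    awk -v addr="$1" 'NF >= 7 && $6 == addr { print $1, $2, $3 }'
}

# Demo on the constructed sample. On the live host use:
#   sockstat -4 | outbound_to_port 25
printf '%s\n' "$SAMPLE_SOCKSTAT" | outbound_to_port 25
printf '%s\n' "$SAMPLE_SOCKSTAT" | owner_of_local "$(fw_source "$FW_LOG")"
```

sockstat is a point-in-time snapshot, so a socket for a dropped SYN is only visible while the connection attempt is still being retried. Empty output from `owner_of_local` on the live host means no socket with that address and port existed on this machine at that moment.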