From owner-freebsd-security@FreeBSD.ORG Sat Apr 16 09:31:24 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C60AD1065670 for ; Sat, 16 Apr 2011 09:31:24 +0000 (UTC) (envelope-from michael.scheidell@secnap.com) Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net [204.89.241.253]) by mx1.freebsd.org (Postfix) with ESMTP id 8ADD78FC08 for ; Sat, 16 Apr 2011 09:31:24 +0000 (UTC) Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net [10.70.1.253]) by mx1.secnap.com.ionspam.net (Postfix) with ESMTP id 011212B7C6A; Sat, 16 Apr 2011 05:31:23 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secnap.com; h= content-type:content-type:in-reply-to:references:subject:subject :mime-version:user-agent:from:from:date:date:message-id; s=dkim; t=1302946282; x=1304760682; bh=jop9u9EXEUhx3UYzBNUQ5yEyCqRSTBZt hz+oKqq/KwI=; b=GPjflDLqz+8ZJBkxRg5Cky7mVu5cX3KuBbr/elWfongmVmvu KpCMqL5c9SfydrL8c2I2gBeKXoyFR2mQY8oa42SDpDEte7upQ82EQjXzu/1N5yTx zLgfyKH8ry1ofXiVrKwbQWSGGgUw4jGOiLEWIb2L+6B/e2A846A2hCpGmeY= X-Amavis-Modified: Mail body modified (using disclaimer) - mx1.secnap.com.ionspam.net X-Virus-Scanned: SpammerTrap(r) VPS-1500 2.14 at mx1.secnap.com.ionspam.net Received: from USBCTDC001.secnap.com (usbctdc001.secnap.com [10.70.1.1]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mx1.secnap.com.ionspam.net (Postfix) with ESMTPS id DEDFE2B7C64; Sat, 16 Apr 2011 05:31:22 -0400 (EDT) Received: from Macintosh.local (166.248.64.9) by USBCTDC001.secnap.com (10.70.1.1) with Microsoft SMTP Server (TLS) id 14.0.722.0; Sat, 16 Apr 2011 05:31:22 -0400 Message-ID: <4DA961F1.1040100@secnap.com> Date: Sat, 16 Apr 2011 05:31:29 -0400 From: Michael Scheidell User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9 MIME-Version: 1.0 To: Przemyslaw Frasunek References: <4DA95938.7050608@secnap.com> <4DA96137.5050100@frasunek.com> In-Reply-To: <4DA96137.5050100@frasunek.com> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-security@freebsd.org, Emerging Threats Signatures Subject: Re: 193.138.118.3 ? lagoon.freebsd.lublin.pl /cache, freebsd, lublin, pl on TOR end point list? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Apr 2011 09:31:24 -0000 On 4/16/11 5:28 AM, Przemyslaw Frasunek wrote: > > freebsd.lublin.pl does not host any FreeBSD mirrors. It's a shell server with > ~300-400 accounts, running for 14 years. I personally know (almost) every person > having account here. We have TOR installed (without exit node functionality), > but it's not used for any kind of illegal activities. > so, option C: being too paranoid and I should get more rest :-) I will try to track down what server is lookup up cache.freebsd.lublin.pl and see why its doing that. thanks. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Best Intrusion Prevention Product, Networks Product Guide * Certified SNORT Integrator * Hot Company Award, World Executive Alliance * Best in Email Security, 2010 Network Products Guide * King of Spam Filters, SC Magazine ______________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ ______________________________________________________________________