Date: Sat, 21 Mar 2015 13:27:54 -0400 From: Ernie Luzar <luzar722@gmail.com> To: The Lost Admin <thelostadmin@gmail.com> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: 10.0 system issuing outbound packets to port 25 smtp to 66.96.214.197 Message-ID: <550DAA1A.50002@gmail.com> In-Reply-To: <1B9D189E-4FD6-495D-8381-E0E3CFF5A2A2@gmail.com> References: <550D8B0E.2020406@gmail.com> <1B9D189E-4FD6-495D-8381-E0E3CFF5A2A2@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > On Mar 21, 2015, at 11:15 AM, Ernie Luzar <luzar722@gmail.com > <mailto:luzar722@gmail.com>> wrote: > >> My ipfilter firewall logs 2 outbound packets on port 25 every 70 >> minuets. There is no LAN behind this box so it must be coming from the >> freebsd 10.0 system or from one of the official installed ports I have. >> Sendmail is disabled and postfix is running in it's place. >> >> 66.96.214.197,25 tcp is the target public ip address. >> >> How should I go about finding the running task that is doing this??? > > The Lost Admin wrote: > Ernie, > > Did you do an nslookup on the address in question? I did and it is > listed as part of the hostnoc.net <http://hostnoc.net>; domain. > Googling that domain gets some pretty fishy results in the top 10. > > The Lost Admin > thelostadmin@gmail.com <mailto:thelostadmin@gmail.com> > > The nslookup command has been removed from the base as its obsolete. SO how did you issue that command? whois command says it belongs to Arabsgate My orginal question deals with "why is 10.1 issuing these port 25 packets"? IS my 10.1 system compromised??
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?550DAA1A.50002>