Date: Tue, 17 Jun 2003 21:36:46 -0400
From: Bill Moran <wmoran@potentialtech.com>
To: Jaime <jaime@snowmoon.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: ping: sendto: No buffer space available
Message-ID: <3EEFC22E.3040105@potentialtech.com>
In-Reply-To: <20030617194247.C99305@malkav.snowmoon.com>
References: <200306172227.h5HMRnN4014581@peedub.jennejohn.org> <20030617194247.C99305@malkav.snowmoon.com>

Jaime wrote:
> FWIW, I think that I found the problem.  With the help of our ISP,
> we've found that one of my servers has been dumping so many packets out to
> the Internet that our router was dropping packets.  I've unplugged it at
> this point and we do not have the same symptoms at this time.
>
> The clues to a crack are evident, too.  A process "/usr/sbin/nscd"
> is running on the box according to top and ps, but the file does not
> exist.  Furthermore, I never told such a process to execute.  Shortly
> after a reboot, a netstat command showed a connection to 37303 on a remote
> host.  I was the only person logged in and I did not initiate that
> connection.
>
> Obviously, I'll be taking steps to find the crack and remove it.
> :)  If anyone wants to suggest something to check, I'd appreciate it.

I found a web page that claims that nscd is a Debian program called
"name service cache daemon".  (Cache only DNS server?)  So if it's
connecting to any port other than DNS, it's probably a trojan pretending
to be nscd.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
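
Added example (not part of the original message): the clue described above, a process listed under a path that does not exist on disk, turned into a repeatable check over `ps` output. The function names `missing_exec_procs` and `demo`, the PIDs, and the scratch directory are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Flag processes whose claimed executable path is absent on disk.
# Input on stdin: one process per line, "PID COMMAND [ARGS...]",
# for example the output of: ps -axo pid,command

missing_exec_procs() {
    # $1 (optional): root prefix to resolve paths under, such as a
    # read-only mount of the suspect disk. Empty means the live system.
    root="${1:-}"
    while read -r pid cmd _rest; do
        case "$pid" in
            ''|*[!0-9]*) continue ;;   # skip the header and malformed lines
        esac
        case "$cmd" in
            /*) ;;                      # absolute path: can be checked
            *) continue ;;              # kernel threads "[name]", bare names
        esac
        if [ ! -e "${root}${cmd}" ]; then
            printf '%s %s\n' "$pid" "$cmd"
        fi
    done
}

demo() {
    # Constructed fixture: a scratch root where sshd exists and nscd does not.
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/usr/sbin" && : > "$tmp/usr/sbin/sshd"
    printf '%s\n' \
        '  PID COMMAND' \
        '  312 /usr/sbin/sshd' \
        '  487 /usr/sbin/nscd' \
        '    0 [swapper]' | missing_exec_procs "$tmp"
    rm -rf "$tmp"
}

demo
```

A hit is a lead to follow up, not proof: the command string shown by ps is under the process's own control, and a binary replaced or deleted after launch (for instance by an upgrade) produces the same result.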