hacked?
Chuck Swiger
cswiger at mac.com
Wed Apr 14 23:01:55 UTC 2010
Hi--
On Apr 14, 2010, at 3:56 PM, Steve Franks wrote:
> I don't have bsdstats or similar that I'm aware of installed, so this
> smells bad:
>
> Firewall is showing repeated attempts from your FreeBSD machine to
> connect to port 25 (standard SMTP mail port) on a server in Belgium. This
> implies something on your system is trying to send mail out.
>
> [14/Apr/2010 15:11:09] DROP "SMTP Deny" packet from Local Area
> Connection - LAN, proto:TCP, len:48, ip/port:192.168.1.38:17343 ->
> 81.247.120.78:25, flags: SYN , seq:43473770 ack:0, win:65535, tcplen:0
>
> IP-Whois searches for "81.247.120.78:25" show this IP address belongs to
> a Belgian ISP:
There's no end of reasons (aka forged spam) why a machine might try to mail out to a random IP. Taking a look at /var/log/maillog and your queue of undelivered mail would be informative...
Regards,
--
-Chuck
More information about the freebsd-questions
mailing list