ping: sendto: No buffer space available

Bill Moran wmoran at
Tue Jun 17 18:36:53 PDT 2003

Jaime wrote:
> 	FWIW, I think that I found the problem.  With the help of our ISP,
> we've found that one of my servers has been dumping so many packets out to
> the Internet that our router was dropping packets.  I've unplugged it at
> this point and we do not have the same symptoms at this time.
> 	The clues to a crack are evident, too.  A process "/usr/sbin/nscd"
> is running on the box according to top and ps, but the file does not
> exist.  Further more, I never told such a process to execute.  Shortly
> after a reboot, a netstat command showed a connection to 37303 on a remote
> host.  I was the only person logged in and I did not initiate that
> connection.
> 	Obviously, I'll be taking steps to find the crack and remote it.
> :)  If anyone wants to suggest something to check, I'd appreciate it.

I found a web page that claims that nscd is a Debian program called
"name service cache daemon". (Cache only DNS server?)  So if it's connecting
to any port other than DNS, it's probably a trojan pretending to be nscd.

Bill Moran
Potential Technologies

More information about the freebsd-questions mailing list