ping: sendto: No buffer space available
Bill Moran
wmoran at potentialtech.com
Tue Jun 17 18:36:53 PDT 2003
Jaime wrote:
> FWIW, I think that I found the problem. With the help of our ISP,
> we've found that one of my servers has been dumping so many packets out to
> the Internet that our router was dropping packets. I've unplugged it at
> this point and we do not have the same symptoms at this time.
>
> The clues to a crack are evident, too. A process "/usr/sbin/nscd"
> is running on the box according to top and ps, but the file does not
> exist. Further more, I never told such a process to execute. Shortly
> after a reboot, a netstat command showed a connection to 37303 on a remote
> host. I was the only person logged in and I did not initiate that
> connection.
>
> Obviously, I'll be taking steps to find the crack and remote it.
> :) If anyone wants to suggest something to check, I'd appreciate it.
I found a web page that claims that nscd is a Debian program called
"name service cache daemon". (Cache only DNS server?) So if it's connecting
to any port other than DNS, it's probably a trojan pretending to be nscd.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
More information about the freebsd-questions
mailing list