bob88 at eng.ufl.edu
Thu Feb 12 15:25:48 PST 2004
Wallace Aiken wrote:
> Date: Thu, 12 Feb 2004 15:25:36 -0500
> From: "Wallace Aiken" <Aiken at salem.kent.edu>
> Subject: Spimware infection
> Hi, I'm using two of your firewalls...they work great. But all of
> a sudden they're showing signs of "Spimmware" infection, a kind of
I also can find no information about "Spimmware" or "Spimware".
> I work for Kent State university and their network scan came up
> with the IPs and host names of my firewalls, as well as some other
> hosts on my subnet that were not behind the firewall...can you give
> me any advice?
Are you using NAT to allow the systems behind a firewall to share the IP
address of the firewall? If so, it is most likely systems behind the
firewalls that are infected, not the firewalls themselves. If they are
monitoring network traffic and seeing suspicious activity, NAT would
cause it to have the IP number of your firewall and they would naturally
assume that was the infected system.
If you literally mean "network scan" rather than "network monitoring"
(i.e. they are actively probing systems for vulnerabilities, not just
monitoring network traffic), then ask them which open ports (or other
behavior) on the firewalls lead them to believe they are infected, and
report that to the list. We can probably explain it then.
More information about the freebsd-questions