hacked?
Steve Franks
bahamasfranks at gmail.com
Wed Apr 14 22:56:02 UTC 2010
I don't have bsdstats or similar that I'm aware of installed, so this
smells bad:
Firewall is showing repeated attempts from your FreeBSD machine to
connect to port 25 (standard SMTP mail port) on a server in Belgium. This
implies something on your system is trying to send mail out.
[14/Apr/2010 15:11:09] DROP "SMTP Deny" packet from Local Area
Connection - LAN, proto:TCP, len:48, ip/port:192.168.1.38:17343 ->
81.247.120.78:25, flags: SYN , seq:43473770 ack:0, win:65535, tcplen:0
IP-Whois searches for "81.247.120.78:25" show this IP address belongs to
a Belgian ISP:
http://www.db.ripe.net/whois?form_type=simple&full_query_string=&searchtext=81.247.120.78&do_search=Search
inetnum: 81.247.96.0 - 81.247.127.255
netname: BE-SKYNET-ADSL1
descr: ADSL-GO-PLUS
descr: Belgacom ISP SA/NV
country: BE
Where would I start sniffing around as far as what got put on my box?
Steve
More information about the freebsd-questions
mailing list