hacked?

Erik Norgaard norgaard at locolomo.org
Thu Apr 15 05:45:58 UTC 2010


On 15/04/10 00:56, Steve Franks wrote:
> I don't have bsdstats or similar that I'm aware of installed, so this
> smells bad:
>
> Firewall is showing repeated attempts from your FreeBSD machine to
> connect to port 25 (standard SMTP mail port) on a server in Belgium. This
> implies something on your system is trying to send mail out.

Whose firewall? Is this above snip from some notice you have received
from a third party claiming you are attempting to connect to their server?

Who's the one notifying you? The owner of the server or network 
receiving these connections? Or your LAN Lord?

> [14/Apr/2010 15:11:09] DROP "SMTP Deny" packet from Local Area
> Connection - LAN, proto:TCP, len:48, ip/port:192.168.1.38:17343 ->
> 81.247.120.78:25, flags: SYN , seq:43473770 ack:0, win:65535, tcplen:0

192.168.1.38 - is that you? always?

> Where would I start sniffing around as far as what got put on my box?

How about

ps ax
sockstat -4

Erik
-- 
Erik Nørgaard
Ph: +34.666334818/+34.915211157                  http://www.locolomo.org
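
The check suggested above, as an added example that is not part of the original post: it pulls the source and destination out of the quoted firewall entry and filters `sockstat -4` output for the process that owns a matching outbound SMTP socket. The function names, the sample snapshot and its column layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. SOCKSTAT_SAMPLE is constructed data.

# The firewall entry quoted in the thread, unwrapped onto one line.
FW_SAMPLE='[14/Apr/2010 15:11:09] DROP "SMTP Deny" packet from Local Area Connection - LAN, proto:TCP, len:48, ip/port:192.168.1.38:17343 -> 81.247.120.78:25, flags: SYN , seq:43473770 ack:0, win:65535, tcplen:0'

# Constructed `sockstat -4` snapshot (assumed columns: USER COMMAND PID FD
# PROTO LOCAL FOREIGN); the "www perl" row is invented for the demo.
SOCKSTAT_SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   706   3  tcp4   127.0.0.1:25          *:*
www      perl       4321  5  tcp4   192.168.1.38:17343    81.247.120.78:25
steve    ssh        2210  3  tcp4   192.168.1.38:50122    192.168.1.10:22'

# stdin: firewall log. Prints "SRC:PORT DST:PORT" for each DROP entry.
fw_flows() {
    sed -n 's|.* DROP .*ip/port:\([0-9.]*:[0-9]*\) -> \([0-9.]*:[0-9]*\),.*|\1 \2|p'
}

# stdin: `sockstat -4` output. Prints "USER COMMAND PID LOCAL FOREIGN" for
# TCP sockets whose foreign port is $1 (default 25). Fields are counted from
# the end of the line, so the header and listening sockets (*:*) drop out.
owners_by_port() {
    awk -v port="${1:-25}" 'NF >= 7 && $(NF-2) ~ /^tcp/ {
        n = split($NF, f, ":")
        if (f[n] == port) print $1, $2, $3, $(NF-1), $NF
    }'
}

# $1: firewall log file; stdin: `sockstat -4` output. Prints "USER COMMAND PID"
# for sockets whose local and foreign ends both match a dropped flow.
owners_of_dropped() {
    snap=$(cat)
    fw_flows < "$1" | sort -u | while read -r src dst; do
        printf '%s\n' "$snap" | awk -v s="$src" -v d="$dst" \
            'NF >= 7 && $(NF-1) == s && $NF == d { print $1, $2, $3 }'
    done
}

# Demo on the sample data; on the FreeBSD host use: sockstat -4 | owners_by_port 25
printf '%s\n' "$SOCKSTAT_SAMPLE" | owners_by_port 25
```

A socket only appears in `sockstat` while its connection attempt is in progress, so the filter may need to be run several times to catch one. The PID it reports can then be looked up in the `ps ax` listing.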

