10.0 system issuing outbound packets to port 25 smtp to 66.96.214.197

Ernie Luzar luzar722 at gmail.com
Sat Mar 21 17:27:49 UTC 2015


> 
> On Mar 21, 2015, at 11:15 AM, Ernie Luzar <luzar722 at gmail.com> wrote:
> 
>> My ipfilter firewall logs 2 outbound packets on port 25 every 70 
>> minutes.  There is no LAN behind this box so it must be coming from the
>> FreeBSD 10.0 system or from one of the official installed ports I have.
>> Sendmail is disabled and postfix is running in its place.
>>
>> 66.96.214.197,25 tcp is the target public ip address.
>>
>> How should I go about finding the running task that is doing this???
>
 > The Lost Admin wrote:
 > Ernie,
 >
 > Did you do an nslookup on the address in question? I did and it is
 > listed as part of the hostnoc.net domain.
 > Googling that domain gets some pretty fishy results in the top 10.
 >
 > The Lost Admin
 > thelostadmin at gmail.com
 >
 >

The nslookup command has been removed from the base as it's obsolete.
So how did you issue that command?

The whois command says it belongs to Arabsgate.

My original question deals with "why is 10.1 issuing these port 25 
packets"?  Is my 10.1 system compromised??




