10.0 system issuing outbound packets to port 25 smtp to 66.96.214.197

The Lost Admin thelostadmin at gmail.com
Sat Mar 21 17:30:07 UTC 2015


The Lost Admin
thelostadmin at gmail.com



On Mar 21, 2015, at 1:27 PM, Ernie Luzar <luzar722 at gmail.com> wrote:

> 
>> On Mar 21, 2015, at 11:15 AM, Ernie Luzar <luzar722 at gmail.com> wrote:
>>> My ipfilter firewall logs 2 outbound packets on port 25 every 70 minutes.  There is no LAN behind this box so it must be coming from the
>>> freebsd 10.0 system or from one of the official installed ports I have.
>>> Sendmail is disabled and postfix is running in its place.
>>> 
>>> 66.96.214.197,25 tcp is the target public ip address.
>>> 
>>> How should I go about finding the running task that is doing this???
>> 
> > The Lost Admin wrote:
> > Ernie,
> >
> > Did you do an nslookup on the address in question? I did and it is
> > listed as part of the hostnoc.net domain.
> > Googling that domain gets some pretty fishy results in the top 10.
> >
> > The Lost Admin
> > thelostadmin at gmail.com
> >
> >
> 
> The nslookup command has been removed from the base as it's obsolete.
> So how did you issue that command?

I’m still on 9.3 BUT you’ve also got the host and dig commands instead of nslookup.

> whois command says it belongs to Arabsgate
> 
> My original question deals with "why is 10.1 issuing these port 25 packets"?  Is my 10.1 system compromised??
> 
> 
> 
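
One way to answer the question raised in this thread, which process is sending to 66.96.214.197:25, is to poll `sockstat` for a socket to that address and log its owner. This is an added example, not part of any poster's message; the script name `find_sender.sh`, the polling interval and the sample output are assumptions, and it relies on the FreeBSD 10.x `sockstat` column layout.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes the `sockstat -4 -c` column
# layout of FreeBSD 10.x:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
TARGET="${TARGET:-66.96.214.197:25}"   # destination from the firewall log
INTERVAL="${INTERVAL:-1}"              # assumed polling period in seconds

# Filter sockstat output on stdin; print "user command pid local-address"
# for each TCP socket whose foreign address is exactly $1. The exact field
# comparison keeps 66.96.214.197:2525 from matching port 25.
owners_of() {
    awk -v t="$1" '$5 ~ /^tcp/ && $7 == t { print $1, $2, $3, $6 }'
}

# Constructed sockstat output, used only to exercise owners_of offline.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   192.0.2.10:22         198.51.100.7:50022
www      exampled   4321  9  tcp4   192.0.2.10:51234      66.96.214.197:25
www      exampled   4321  10 tcp4   192.0.2.10:51240      66.96.214.197:2525
EOF
}

# Poll until a socket to TARGET appears, then log its owner and full
# command line. Run as root so no user's sockets are hidden.
watch_target() {
    while :; do
        hits=$(sockstat -4 -c | owners_of "$TARGET")
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | while read -r user cmd pid laddr; do
                printf '%s user=%s cmd=%s pid=%s local=%s\n' \
                    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$user" "$cmd" "$pid" "$laddr"
                ps -ww -o pid,ppid,user,lstart,command -p "$pid"
            done
            return 0
        fi
        sleep "$INTERVAL"
    done
}

# Only start polling when asked to: sh find_sender.sh watch
if [ "${1:-}" = "watch" ]; then
    watch_target
fi
```

A connection that opens and closes between two polls is missed, so an empty result over one 70-minute cycle does not show that no local process is responsible.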


