From owner-freebsd-questions@FreeBSD.ORG  Thu Feb 12 13:20:47 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DA22216A4CE
	for <freebsd-questions@freebsd.org>;
	Thu, 12 Feb 2004 13:20:47 -0800 (PST)
Received: from mail.rtl.org (rtl-3.i2k.com [63.94.12.207])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BA6EF43D1F
	for <freebsd-questions@freebsd.org>;
	Thu, 12 Feb 2004 13:20:47 -0800 (PST)
	(envelope-from jstewart@rtl.org)
Received: from mis3c.rtl.lan (rtl-2.i2k.com [63.94.12.206])
	by mail.rtl.org (Postfix) with ESMTP
	id 5DEF630AEA; Thu, 12 Feb 2004 16:19:53 -0500 (EST)
Received: by mis3c.rtl.lan (Postfix, from userid 500)
	id A4C694FD1; Thu, 12 Feb 2004 16:20:47 -0500 (EST)
Date: Thu, 12 Feb 2004 16:20:47 -0500
From: Jason Stewart <jstewart@rtl.org>
To: Wallace Aiken <Aiken@salem.kent.edu>
Message-ID: <20040212212047.GF17414@rtl.org>
Mail-Followup-To: Wallace Aiken <Aiken@salem.kent.edu>,
	freebsd-questions@freebsd.org
References: <200402121525.AA26542198@mail.salem.kent.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200402121525.AA26542198@mail.salem.kent.edu>
User-Agent: Mutt/1.4.1i
cc: freebsd-questions@freebsd.org
Subject: Re: Spimware infection
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Feb 2004 21:20:48 -0000

On 12/02/04 15:25 -0500, Wallace Aiken wrote:
> Hi, I'm using two of your firewalls...they work great. But all of a sudden they're showing signs of "Spimmware" infection, a kind of spyware. 
> 
> I work for Kent State university and their network scan came up with the IPs and host names of my firewalls, as well as some other hosts on my subnet that were not behind the firewall...can you give me any advice?
> 
What is spimware? I search google for the term and get 0 results.
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=utf-8&safe=off&q=spimware&sa=N&tab=gw.

How do you discover that the firewalls have been compromised?