Date:      Fri, 5 Apr 2002 09:01:04 +0100 
From:      Mike Dewhirst <Dewhirst.M@UCLES.org.uk>
To:        questions@freebsd.org
Subject:   RE: have I been hacked?!
Message-ID:  <0B0368CED76DD4118E1200D0B73E9B5D041E9FA8@MAIL1>

Gets a little stranger. I rebooted the box (before I read these emails) and
now the ports are dead - as in they're not listening anymore...

Would installing a firewall on the same machine be a good security measure,
or an overkill?

Thank you very much for the help so far and in advance for more :)

Mike

PS Apologies for HTML mail - M$ Exchange at work....

> -----Original Message-----
> From: Joseph Wright [mailto:jwright@mbakercorp.com]
> Sent: 04 April 2002 17:39
> To: questions@freebsd.org; Dewhirst.M@UCLES.org.uk
> Subject: Re: have I been hacked?!
> 
> 
> These might just be pieces of software that were installed a while back.
> Both are valid pieces of software listening on the correct port.
> 
> netcheque on 4008 is used for the NetCheque Accounting package
> 
> and
> 
> funkproxy  1505 is used for Funk Software, Inc. proxy server
> 
> You might want to check who owns the process; use: sockstat
> 
> >>> Mike Dewhirst <Dewhirst.M@UCLES.org.uk> 04/04/02 05:13PM >>>
> I did a netscan of my box (which I've not done for 2-3 months or so) and
> spotted this:
> 
> 1505/tcp   open        funkproxy
> 4008/tcp   open        netcheque
> 
> I've never heard of either.
> 
> Has the system been compromised?
> 
> Any help would be extremely appreciated.
> 
> Mike
> 
> 
> This message was written in plain text mode. 
> Everything below the dotted line was not 
> written by the author of this email. 
> ---------------------- 
> 
> 
> =**********************************************************
> 
> If you are not the intended recipient, employee or agent responsible
> for delivering the message to the intended recipient, you are hereby
> notified that any dissemination or copying of this 
> communication and its
> attachments is strictly prohibited.
> 
> If you have received this communication and its attachments in error,
> please return the original message and attachments to the sender using
> the reply facility on e-mail.
> 
> Internet communications are not secure and therefore the UCLES Group
> does not accept legal responsibility for the contents of this 
> message. 
> Any views or opinions presented are solely those of the author and do
> not necessarily represent those of the UCLES Group unless otherwise
> specifically stated.
> 
> This footnote also confirms that this email message has been swept by
> MIMEsweeper for the presence of computer viruses although 
> this does not
> guarantee that this email is virus free.
> 
> **********************************************************=
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 
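
The sockstat check suggested in the quoted reply, as an added example that is not part of the original thread: it reads `sockstat -4l` output (IPv4 listening sockets on current FreeBSD) and reports every listener whose port is not on an expected list, together with the owning user, command and PID. The sample output is constructed, and the command name `exampled` and the allowed-port list are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `sockstat -4l` output (not taken from the thread).
# "exampled" is a hypothetical placeholder for whatever owns 1505 and 4008.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       212   3  tcp4   *:22                  *:*
root     sendmail   245   4  tcp4   127.0.0.1:25          *:*
www      httpd      301   16 tcp4   *:80                  *:*
nobody   exampled   4711  5  tcp4   *:1505                *:*
nobody   exampled   4711  6  tcp4   *:4008                *:*
root     syslogd    180   6  udp4   *:514                 *:*
EOF
}

# unexpected_listeners "<allowed ports>"
# Reads sockstat -4l output on stdin. For each listener whose port is not in
# the space- or comma-separated allowed list, prints:
#   port/proto user command pid exposed|loopback
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, /[ ,]+/)
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        NR == 1 && $1 == "USER" { next }           # skip the header line
        NF >= 6 {
            port = $6; sub(/.*:/, "", port)         # text after the last colon
            host = $6; sub(/:[^:]*$/, "", host)     # bind address before it
            if (port == "*" || (port in ok)) next   # unbound or expected
            proto = $5; sub(/[46]+$/, "", proto)    # tcp4 -> tcp, udp4 -> udp
            scope = (host == "127.0.0.1") ? "loopback" : "exposed"
            printf "%s/%s %s %s %s %s\n", port, proto, $1, $2, $3, scope
        }'
}

# Demo on the constructed sample. On the host itself, as root:
#   sockstat -4l | unexpected_listeners "22 25 80 514"
sample_sockstat | unexpected_listeners "22 25 80 514"
```

The PID in each reported line is the starting point for finding the binary and how it is launched at boot, which matters here because the ports stopped listening after the reboot.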



