Date:      Fri, 3 Aug 2001 14:32:09 +0100 (BST)
From:      Gavin Atkinson <gavin@ury.york.ac.uk>
To:        ADiNA <ad1na@yahoo.com>
Cc:        <stable@FreeBSD.ORG>
Subject:   Re: Also weird packet (Was: weird packet ... anyone)
Message-ID:  <Pine.BSF.4.33.0108031426260.61259-100000@ury.york.ac.uk>
In-Reply-To: <20010803021033.57267.qmail@web13301.mail.yahoo.com>

Doesn't really belong in stable, but...

On Thu, 2 Aug 2001, ADiNA wrote:

> While I have the same condition as Vlad, it did not stop there. I
> almost got the message every day;
>
> Connection attempt to UDP 203.106.241.163:1331 from 203.106.241.168:53
> Connection attempt to UDP 203.106.241.163:1337 from 203.106.241.168:53
> Connection attempt to UDP 203.106.241.163:1340 from 203.106.241.168:53

I get the same thing - i believe these are harmless. 203.106.241.168 will
be your DNS server. Some DNS servers do try to reverse-connect... don't
know why.

> later on, i got these ...
> Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2027
> Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2032
> Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2032
> Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2041
> ....

Sendmail attempting to connect back to the localhost's 'biff' service
(comsat) which runs on UDP port 512. Harmless.

> I ignore the messages, and only yesterday that one person admitted he'd
> been in my system for almost three weeks monitoring mails!!!

I'm certain the above messages are unconnected to anybody having access to
your system. Compare /var/log/messages with /var/log/maillog - each of the
connection attempts to port 512 will correspond with a local user
receiving mail. As for the others, using nslookup will reveal them as errors.
They are nothing to do with somebody having compromised your box.
As for that, your easiest option is to re-install from a known-good source
(maybe a -RELEASE burned from the ISO?)

Gavin
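The check Gavin suggests (match each "Connection attempt to UDP 127.0.0.1:512" line in /var/log/messages against a local delivery in /var/log/maillog, and treat resolver traffic from port 53 separately) can be automated. The script below is an added example written for this archive page; it is not code from the thread or from FreeBSD. It assumes the kernel line format produced when net.inet.udp.log_in_vain is enabled (the format visible in the quoted log lines), a classic sendmail maillog line with "mailer=local" and "stat=Sent", and the resolver address 203.106.241.168 taken from the quoted messages. The sample log lines and the 10.0.0.5 source are constructed for the demonstration; a port 512 attempt with no nearby local delivery and a probe from an unknown host are included to show what an unexplained entry looks like.

```python
#!/usr/bin/env python3
"""Correlate FreeBSD log_in_vain 'Connection attempt' lines with sendmail local
deliveries, so that the harmless biff/comsat and DNS-reply entries can be
separated from anything that actually needs investigation."""
import re
from collections import namedtuple
from datetime import datetime, timedelta

Attempt = namedtuple("Attempt", "ts proto dst dport src sport raw")
Delivery = namedtuple("Delivery", "ts qid to raw")

# Syslog timestamps carry no year; all lines are assumed to come from one year.
SYSLOG_TS = r"(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d)"
ATTEMPT_RE = re.compile(
    SYSLOG_TS + r" \S+ /?kernel: Connection attempt to (TCP|UDP) "
    r"([\d.]+):(\d+) from ([\d.]+):(\d+)")
LOCAL_DELIVERY_RE = re.compile(
    SYSLOG_TS + r" \S+ sendmail\[\d+\]: (\S+): to=(\S+),.*mailer=local,.*stat=Sent")

# Constructed sample data in the shape of /var/log/messages and /var/log/maillog.
MESSAGES = """\
Aug  2 08:15:01 host /kernel: Connection attempt to UDP 203.106.241.163:1331 from 203.106.241.168:53
Aug  2 08:15:02 host /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2027
Aug  2 09:40:10 host /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2032
Aug  2 11:03:55 host /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2041
Aug  2 12:00:00 host /kernel: Connection attempt to UDP 203.106.241.163:161 from 10.0.0.5:1025
"""
MAILLOG = """\
Aug  2 08:15:02 host sendmail[1234]: f72CF2h01234: to=adina, ctladdr=<root@host> (0/0), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30000, dsn=2.0.0, stat=Sent
Aug  2 09:40:09 host sendmail[1240]: f72Dl9h01240: to=vlad, ctladdr=<root@host> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30000, dsn=2.0.0, stat=Sent
"""
RESOLVERS = {"203.106.241.168"}  # the DNS server address from the quoted messages


def parse_ts(s):
    # "%b %d" tolerates the double space syslog uses for single-digit days
    return datetime.strptime(s, "%b %d %H:%M:%S")


def parse_messages(text):
    """Extract log_in_vain connection-attempt lines from /var/log/messages text."""
    out = []
    for line in text.splitlines():
        m = ATTEMPT_RE.match(line)
        if m:
            ts, proto, dst, dport, src, sport = m.groups()
            out.append(Attempt(parse_ts(ts), proto, dst, int(dport), src, int(sport), line))
    return out


def parse_maillog(text):
    """Extract successful local deliveries from /var/log/maillog text."""
    out = []
    for line in text.splitlines():
        m = LOCAL_DELIVERY_RE.match(line)
        if m:
            ts, qid, to = m.groups()
            out.append(Delivery(parse_ts(ts), qid, to, line))
    return out


def classify(attempts, deliveries, resolvers, window=timedelta(seconds=5)):
    """Return a list of (attempt, verdict, matching delivery or None).

    A loopback attempt on UDP 512 is sendmail poking comsat after a local
    delivery, so it is only considered explained when maillog shows a local
    delivery within `window` of it. Replies from a known resolver's port 53
    are late/unsolicited DNS answers to a client port that is already closed.
    Everything else is left for the operator to look at."""
    results = []
    for a in attempts:
        match = None
        if a.proto == "UDP" and a.dport == 512 and a.dst == a.src == "127.0.0.1":
            near = [d for d in deliveries if abs(d.ts - a.ts) <= window]
            match = min(near, key=lambda d: abs(d.ts - a.ts)) if near else None
            verdict = ("biff: comsat notification for local delivery" if match
                       else "port 512 attempt with no local delivery nearby: investigate")
        elif a.proto == "UDP" and a.sport == 53 and a.src in resolvers:
            verdict = "DNS reply from resolver to a closed client port: harmless"
        else:
            verdict = "unexplained: investigate"
        results.append((a, verdict, match))
    return results


if __name__ == "__main__":
    for a, verdict, match in classify(parse_messages(MESSAGES), parse_maillog(MAILLOG), RESOLVERS):
        print(f"{a.ts:%b %d %H:%M:%S} {a.proto} {a.dst}:{a.dport} <- {a.src}:{a.sport}  {verdict}")
        if match:
            print(f"    matched maillog {match.qid} to={match.to}")
```

On a real box, feed it the actual files (for example `classify(parse_messages(open('/var/log/messages').read()), parse_maillog(open('/var/log/maillog').read()), {'<your resolver>'})`) and read only the "investigate" lines; the 5-second window is an assumption and may need widening if the host is slow to deliver. A port 512 attempt that no local delivery explains, or loopback traffic to a port other than 512, is the kind of entry that is worth chasing, which the noise from biff and the resolver otherwise hides.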



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0108031426260.61259-100000>