Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 17 Jun 2003 21:50:36 -0400
From:      Jaime <jaime@snowmoon.com>
To:        Bill Moran <wmoran@potentialtech.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ping: sendto: No buffer space available
Message-ID:  <4195050A-A12F-11D7-8F3A-000393193538@snowmoon.com>
In-Reply-To: <3EEFC22E.3040105@potentialtech.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday, June 17, 2003, at 09:36  PM, Bill Moran wrote:
> I found a web page that claims that nscd is a Debian program called
> "name service cache daemon". (Cache only DNS server?)  So if it's 
> connecting
> to any port other than DNS, it's probably a trojan pretending to be 
> nscd.

	I think that I found the same page.  I agree with your assessment.  
The IP address that it is attempting to connect to is not found via 
traceroute and is registered to what appears to be a Russian ISP.  How 
odd....

	I'll be grabbing new source code and recompiling everything tomorrow.  
The box was running 4.7-Stable anyway.  :)  The troubling part is that 
the process claims to be /usr/sbin/nscd, but that file doesn't exist.  
I'll have to see how they did that with lsof, mergemaster, etc.

								Jaime



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4195050A-A12F-11D7-8F3A-000393193538>