Date:      Thu, 01 Apr 2004 16:30:37 -0600
From:      "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To:        Lorin Lund <llund@kleenmail.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: unknown tcp connections to dawsonmail.com
Message-ID:  <406C980D.5050408@daleco.biz>
In-Reply-To: <2VFDE0PL3VXT1Z72YFDJFICJEUPMON.406c0e6a@portege>
References:  <2VFDE0PL3VXT1Z72YFDJFICJEUPMON.406c0e6a@portege>

>At 06:44 PM 3/30/2004, Lorin Lund wrote:
>
>>I have freebsd 5.2 release running on my server.
>>I have apache2 and MySQL installed and running.  No other
>>daemons to speak of.  Yet my DSL router shows connections
>>to dawsonmail.com.
>>
>>Does anyone have any knowledge or ideas of what might be
>>going on?  The DSL router does not show port info.
>>Just the outside domain name and the inside IP address.
>
>3/30/2004 8:35:26 PM, Chuck McManis <cmcmanis@mcmanis.com> wrote:
>
>>It's a bit confusing because you mention the DSL router and "my server" as
>>if they are two different machines. If they are, then are they the ONLY two
>>different machines behind the DSL router? Is it possible you have a Windoze
>>PC on your subnet somewhere? Seems that dawsonmail.com is a hostile web
>>site (it attempts to install adware); perhaps you have something connected
>>to it somewhere?
>>
>>--Chuck
]
] Lorin Lund wrote:

] Qwest is my phone company.  When I signed up for DSL I opted for
] an external DSL connection.  They supplied an ActionTec router/hub/modem.
] It has an HTML interface for configuration and it has a limited amount
] of traffic logging.  The log shows the external domain and the internal
] IP address.  There are several Windoze boxes and my FreeBSD box.  The
] ActionTec does NAT.  Anything that comes in that isn't a response to an
] outgoing packet would normally be dropped.  But I have enabled an
] option to have all other traffic go to my FreeBSD box.  I don't know if
] the log shows only outgoing traffic or if it includes unsolicited incoming
] stuff.  If so, dawsonmail.com could be them probing me.
]
] But if they have managed somehow to get stuff into my FreeBSD system I want to
] find out how and to cut it off.


This last sentence is quite unlikely.  I'm not trying
to poke fun at any person, especially you, but *if*
dawsonmail is an 'adware' outfit (and I'm taking Chuck's
word on that), they've got nothing on your FBSD
box, unless you are browsing a site that has one of
their ads in its code.

Many Winblows installs are as full of holes as
Swiss cheese.  This isn't to say that FreeBSD
is necessarily more secure (although if we wanted
to attempt to prove this, evidence might well be
sufficient; it's just that I'm not crusading in the flame
wars here).  It is certain that adware, spyware and
virii/trojans coded for a Windows environment will
not execute on FreeBSD.

The chances are extremely high that one of the
following is true:

a]  A Windows machine on your LAN has adware
    /spyware on it.

b]  A Windows machine on your LAN *had* adware
    /spyware on it, the remote site noted a static IP,
    and it is periodically "calling all cars...."

Were I a wagering individual, I'd lay my $$ on a].
I have hardly been on a Windows service call lately
in which I've not seen any adware/spyware, except
maybe in my own home.  My family members are
advised on pain of near-death not to install software
from the Internet ....

Kevin Kinsey
DaleCo, S.P.
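Since the router log only records an external name and an internal address, one check that would settle whether the FreeBSD box is the endpoint in question is to resolve the name and look for live sockets to it on that host. This is an added example, not from the thread; it assumes a netstat -an style socket listing, and the sample listing and the 192.0.2.10 address (a documentation-range stand-in for the resolved site) are constructed.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): is *this* host talking
# to a given remote host?  Used to rule the FreeBSD box in or out as the
# source of the NAT router's log entries.

# match_conns: print netstat -an lines whose foreign address is one of the
# IPs in arg 1 (space- or newline-separated); stdin is the netstat output.
# FreeBSD writes the foreign column as "a.b.c.d.port", Linux as "a.b.c.d:port";
# both forms are handled by stripping the trailing port.
match_conns() {
    ips=$(printf '%s' "$1" | tr '\n' ' ')
    awk -v ips="$ips" '
        BEGIN { n = split(ips, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^(tcp|udp)/ {
            f = $5                        # foreign address column
            sub(/[.:][0-9*]+$/, "", f)    # drop the port (or "*")
            if (f in want) print
        }'
}

# count_conns: number of matching sockets, handy as a script result.
count_conns() {
    match_conns "$1" | wc -l | tr -d ' '
}

# Constructed sample in FreeBSD "netstat -an" layout (not real output).
SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 10.0.0.5.80            10.0.0.7.51234         ESTABLISHED
tcp4       0      0 10.0.0.5.49152         192.0.2.10.80          ESTABLISHED
tcp4       0      0 *.3306                 *.*                    LISTEN
udp4       0      0 10.0.0.5.53            192.0.2.10.53'

if [ "${1:-}" = "--live" ]; then
    # Live check on the host itself: resolve the name, then scan real sockets.
    # On FreeBSD, "sockstat -4c" additionally shows the owning process.
    remote_ips=$(host -t a "${2:-dawsonmail.com}" | awk '/has address/ {print $NF}')
    netstat -an | match_conns "$remote_ips"
else
    printf '%s\n' "$SAMPLE" | match_conns "192.0.2.10"
fi
```

Run with `--live dawsonmail.com` on the FreeBSD box; no output means no current socket to that host, so the log entry came from another LAN machine or was inbound traffic forwarded by the router.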



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?406C980D.5050408>