I'm no security expert, but it looks like a cross-site scripting attack
to me.  Have you opened up from-*-to-* on port 80?

 

BTW, the 81... address is in Amsterdam and the 119... address is
somewhere in the Asia Pacific.

 

Lane Beneke <mailto:lane.ben...@southernpiping.com>

Network Administrator

Southern Piping Co.

Office: 252-291-1561 ext. 1148

Mobile: 252-205-6795

Email: lane.ben...@southernpiping.com

________________________________

From: Rafael Fonseca [mailto:rafael.m...@gmail.com] 
Sent: Wednesday, April 07, 2010 2:24 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] EFW 2.3 traffic

 

Sounds like someone got access to your box. Check Kernel log for SSH in
and out.

--

Rafael Fonseca

 

On 7/04/2010, at 1:31 PM, Andres Gonzalez wrote:





I disabled the remote system access (Firewall -> System Access) and
now everything is ok ... could it be that the Apache service has been used
as a "proxy" from the Internet?!



On Tue, Apr 6, 2010 at 9:06 PM, Andres Gonzalez <tuc...@gmail.com>
wrote:

Hi, I'm having some troubles with outgoing traffic to the Internet. I
unplugged the LAN UTP and there's still outgoing traffic.
Looking at the logs I have this:

2010-04-06 20:46:00 6962 81.67.210.216 TCP_MISS/000 0 GET http://119.160.245.57/config/isp_verify_user?l=Drummer176&p= abe - DIRECT/119.160.245.57 -

This means that 81.67.210.216 is trying to connect to 119.160.245.57 ???
Neither of the 2 IP addresses belongs to me. If I stop the HTTP Proxy
(even with the LAN UTP wire disconnected) the outgoing "strange" traffic
stops.

Could it be that the box has been compromised?
Any idea is welcome.

Regards.






-- 
AGD
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
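
An added example, not part of the original thread or of EFW: a Python check that reads proxy access-log lines in the layout quoted above and lists requests whose client address lies outside the LAN, which is what the quoted entry shows. The LAN ranges (RFC 1918 plus loopback) and every sample line except the first are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed LAN ranges; the thread does not state the real ones.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# First line is the entry quoted in the thread; the others are constructed.
SAMPLE_LOG = """\
2010-04-06 20:46:00 6962 81.67.210.216 TCP_MISS/000 0 GET http://119.160.245.57/config/isp_verify_user?l=Drummer176&p= abe - DIRECT/119.160.245.57 -
2010-04-06 20:46:02 120 192.168.0.15 TCP_MISS/200 5120 GET http://example.org/index.html - DIRECT/192.0.2.10 text/html
2010-04-06 20:46:05 310 203.0.113.77 TCP_DENIED/403 1400 CONNECT example.net:443 - NONE/- text/html
not a log line
"""

def parse_line(line):
    """Return (timestamp, client_ip, result, method, target) or None."""
    f = line.split()
    if len(f) < 8:
        return None
    try:
        client = ipaddress.ip_address(f[3])
    except ValueError:
        return None
    return f"{f[0]} {f[1]}", client, f[4], f[6], f[7]

def target_host(method, target):
    # CONNECT requests log host:port; other methods log a full URL.
    if method == "CONNECT":
        return target.rsplit(":", 1)[0]
    return urlsplit(target).hostname or ""

def external_clients(log_text):
    """List requests whose client address is outside INTERNAL_NETS."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, result, method, target = rec
        if any(client in net for net in INTERNAL_NETS):
            continue
        # TCP_DENIED: the proxy ACL refused; any other result means it tried to serve.
        findings.append({"time": ts, "client": str(client),
                         "host": target_host(method, target), "result": result,
                         "allowed": not result.startswith("TCP_DENIED")})
    return findings

if __name__ == "__main__":
    print(*external_clients(SAMPLE_LOG), sep="\n")
```

An entry with `allowed` set to true for a client outside the LAN means the proxy port is reachable and usable from the Internet, so the access rules for that port need tightening.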

 
