Hi, I had opened the remote access for the EFW (HTTPS on port 10443). I disabled it and everything is OK. Should I reinstall the EFW box?
Thanks!

On Wed, Apr 7, 2010 at 9:12 AM, <lane.ben...@southernpiping.com> wrote:
> I’m no security expert, but it looks like a cross-site scripting attack
> to me. Have you opened up from-*-to-* on port 80?
>
> BTW, the 81… address is in Amsterdam and the 119… address is somewhere in
> the Asia Pacific.
>
> <http://www.southernpiping.com/>
> Lane Beneke <lane.ben...@southernpiping.com>
> Network Administrator
> Southern Piping Co.
> Office: 252-291-1561 ext. 1148
> Mobile: 252-205-6795
> Email: lane.ben...@southernpiping.com
>
> ------------------------------
> *From:* Rafael Fonseca [mailto:rafael.m...@gmail.com]
> *Sent:* Wednesday, April 07, 2010 2:24 AM
> *To:* efw-user@lists.sourceforge.net
> *Subject:* Re: [Efw-user] EFW 2.3 traffic
>
> Sounds like someone got access to your box. Check Kernel log for SSH in and
> out.
>
> --
> Rafael Fonseca
>
> On 7/04/2010, at 1:31 PM, Andres Gonzalez wrote:
>
> I disabled the remote system access (Firewall -> System Access) and
> now everything is ok ... could it be that the Apache service has been used as
> a "proxy" from the Internet?!
>
> On Tue, Apr 6, 2010 at 9:06 PM, Andres Gonzalez <tuc...@gmail.com> wrote:
>
> Hi, I'm having some trouble with outgoing traffic to the Internet. I
> unplugged the LAN UTP and there's still outgoing traffic.
> Looking at the logs I have this:
>
> 2010-04-06 20:46:00 6962 81.67.210.216 TCP_MISS/000 0 GET http://119.160.245.57/config/isp_verify_user?l=Drummer176&p= abe - DIRECT/ 119.160.245.57 -
>
> This means that 81.67.210.216 is trying to connect to 119.160.245.57???
> Neither of the 2 IP addresses belongs to me. If I stop the HTTP Proxy (even
> with the LAN UTP wire disconnected) the outgoing "strange" traffic stops.
>
> Could it be that the box has been compromised?
> Any idea is welcome.
>
> Regards.
>
> --
> AGD

--
AGD
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
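
The log line quoted in the thread shows the HTTP proxy fetching a URL on behalf of a client address that is not on the local network. As an added example (not part of the original messages), this Python script counts such requests in a log with the same field layout; the internal address ranges and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the zones the proxy is meant to serve (RFC 1918 plus loopback).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Field layout taken from the log line quoted in the thread:
# date time elapsed_ms client result/status bytes method url ...
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+"
    r"(?P<bytes>\d+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)

def is_internal(addr):
    """True if addr parses as an IP inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparsable client field: treat as external
    return any(ip in net for net in INTERNAL_NETS)

def external_clients(lines):
    """Count proxied requests per client address outside INTERNAL_NETS."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and not is_internal(m["client"]):
            hits[m["client"]] += 1
    return hits

# Constructed sample log (documentation addresses, not taken from the thread).
SAMPLE_LOG = """\
2010-04-06 20:45:58 120 192.168.0.15 TCP_MISS/200 5120 GET http://example.org/ - DIRECT/192.0.2.10 text/html
2010-04-06 20:46:00 6962 203.0.113.7 TCP_MISS/000 0 GET http://198.51.100.9/login?u=a - DIRECT/198.51.100.9 -
2010-04-06 20:46:03 7010 203.0.113.7 TCP_MISS/000 0 GET http://198.51.100.9/login?u=b - DIRECT/198.51.100.9 -
not a log line
""".splitlines()

if __name__ == "__main__":
    for client, count in external_clients(SAMPLE_LOG).most_common():
        print(f"{client}\t{count} request(s) relayed for a non-local client")
```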