I found a web page that claims that nscd is a Debian program called
"name service cache daemon". (Cache only DNS server?) So if it's connecting
to any port other than DNS, it's probably a trojan pretending to be nscd.
I think that I found the same page. I agree with your assessment. The IP address that it is attempting to connect to is not found via traceroute and is registered to what appears to be a Russian ISP. How odd....
I'll be grabbing new source code and recompiling everything tomorrow. The box was running 4.7-Stable anyway. :) The troubling part is that the process claims to be /usr/sbin/nscd, but that file doesn't exist. I'll have to see how they did that with lsof, mergemaster, etc.
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"