Re: Spimware infection

2004-02-12 Thread Jason Stewart
On 12/02/04 15:25 -0500, Wallace Aiken wrote:
> Hi, I'm using two of your firewalls...they work great. But all of a sudden they're
> showing signs of Spimmware infection, a kind of spyware.
>
> I work for Kent State university and their network scan came up with the IPs and
> host names of my firewalls, as well as some other hosts on my subnet that were not
> behind the firewall...can you give me any advice?

What is spimware? I search google for the term and get 0 results.
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=utf-8&safe=off&q=spimware&sa=N&tab=gw.

How do you discover that the firewalls have been compromised?
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Spimware infection

2004-02-12 Thread Kris Kennaway
On Thu, Feb 12, 2004 at 03:25:36PM -0500, Wallace Aiken wrote:

> Hi, I'm using two of your firewalls...they work great. But all of a
> sudden they're showing signs of Spimmware infection, a kind of
> spyware.
>
> I work for Kent State university and their network scan came up with
> the IPs and host names of my firewalls, as well as some other hosts
> on my subnet that were not behind the firewall...can you give me any
> advice?

Please wrap your lines at 70 characters so your emails may be easily
read.

You'll have to give us some more information, such as what evidence
you have that there is a problem with your FreeBSD machines, and
exactly what you think that problem is.

Kris




Re: Spimware infection

2004-02-12 Thread Bob Johnson
Wallace Aiken wrote:

> Date: Thu, 12 Feb 2004 15:25:36 -0500
> From: Wallace Aiken [EMAIL PROTECTED]
> Subject: Spimware infection
>
> Hi, I'm using two of your firewalls...they work great. But all of
> a sudden they're showing signs of Spimmware infection, a kind of
> spyware.

I also can find no information about Spimmware or Spimware.

> I work for Kent State university and their network scan came up
> with the IPs and host names of my firewalls, as well as some other
> hosts on my subnet that were not behind the firewall...can you give
> me any advice?

Are you using NAT to allow the systems behind a firewall to share the IP 
address of the firewall?  If so, it is most likely systems behind the 
firewalls that are infected, not the firewalls themselves.  If they are 
monitoring network traffic and seeing suspicious activity, NAT would 
cause it to have the IP number of your firewall and they would naturally 
assume that was the infected system.

If you literally mean network scan rather than network monitoring 
(i.e. they are actively probing systems for vulnerabilities, not just 
monitoring network traffic), then ask them which open ports (or other 
behavior) on the firewalls lead them to believe they are infected, and 
report that to the list.  We can probably explain it then.

- Bob
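
The NAT point in the message above, worked as an added example (not part of the original thread): given the flows a campus monitor attributed to the firewall's outside address, look each one up in the firewall's NAT translation records to find the inside host that actually sent it. The record layout, addresses, timestamps and function names are all constructed for this example and do not reflect the output of any particular FreeBSD tool.

```python
import csv
import io
from collections import Counter

# Constructed sample: NAT translation records exported from the firewall.
# The column layout is an assumption for this example, not a real tool's output.
NAT_LOG = """\
start,end,proto,inside_ip,inside_port,outside_port,dst_ip,dst_port
1076617500,1076617560,tcp,10.0.0.21,1045,40001,198.51.100.7,80
1076617510,1076617700,tcp,10.0.0.34,1102,40002,198.51.100.9,6667
1076617800,1076617900,tcp,10.0.0.21,1046,40002,198.51.100.9,6667
"""

# Constructed sample: flows the monitor saw coming from the firewall's outside
# address, as (timestamp, proto, source port, destination ip, destination port).
FLAGGED = [
    (1076617600, "tcp", 40002, "198.51.100.9", 6667),
    (1076617850, "tcp", 40002, "198.51.100.9", 6667),  # same port, reused later
    (1076617900, "tcp", 51515, "198.51.100.9", 6667),  # no translation exists
]

def load_nat(text):
    """Parse the translation records and convert numeric columns to int."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        for k in ("start", "end", "inside_port", "outside_port", "dst_port"):
            r[k] = int(r[k])
    return rows

def attribute(flow, nat_rows):
    """Return the inside host that owned the mapping at that time, else None."""
    ts, proto, sport, dst_ip, dport = flow
    for r in nat_rows:
        same_tuple = (r["proto"], r["outside_port"], r["dst_ip"],
                      r["dst_port"]) == (proto, sport, dst_ip, dport)
        # Outside ports are reused, so the time window must match as well.
        if same_tuple and r["start"] <= ts <= r["end"]:
            return r["inside_ip"]
    return None  # not translated: the traffic originated on the firewall itself

def summarize(flows, nat_rows):
    """Count flagged flows per responsible host."""
    return Counter(attribute(f, nat_rows) or "firewall-itself" for f in flows)

if __name__ == "__main__":
    for host, n in summarize(FLAGGED, load_nat(NAT_LOG)).items():
        print(f"{host}: {n} flagged flow(s)")
```

A flow with no matching translation is the case worth escalating, since it means the firewall host itself opened the connection rather than forwarding it for a machine behind it.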
