On Wednesday 18 January 2006 14:34, Ken Stevenson pondered:
> Is there any chance you have a router that's forwarding the ports
> in question to another computer?

Not that I know of. The setup is quite simple:

   wireless  ethernet(PPPoE)            ethernet
ISP<------->Modem<------>FreeBSD gateway<------->LAN

FreeBSD is my router with ppp -ddial -nat and a custom ipfw script that blocks all incoming connections while allowing legitimate traffic out (with keep-state rules).

Check this out:

ftp <my_server>

gives

220 Frox transparent ftp proxy. Login with [EMAIL PROTECTED]:port]]
Name (...)

I have never even heard of "frox" before, but after some googling it turns out that it's a GPL'ed transparent ftp proxy...

Also, I said smtp ports were open on the machines in question, I just verified that I can send emails via BOTH these systems even though no sendmail/exim/whatever was ever installed by me and sendmail_enable="None" on both.

My servers have been compromised, fantastic. And that with an initial firewall'ed setup that left NO open ports (I verified that a while ago with nmap). So much for my impression that FreeBSD was secure.

How could this have happened? ipfw buffer overflow? Some other unknown vulnerability? I really wanna find out how they got in (syslog offers no clues btw, I've been rootkitted after all :-(

Any suggestions other than format/reinstall/tripwire?

-- 
Kilian Hagemann
Climate Systems Analysis Group
University of Cape Town
Republic of South Africa
Tel(w): ++27 21 650 2748

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"