On Thu, 19 Jan 2006, Kilian Hagemann wrote:
Hi guys,
Just to find closure on this thread, I'd like to admit that I jumped to
conclusions too early and would like to share what had actually happened,
after many hours wasted playing the detective :-( (glad I didn't
format/reinstall though)
When I "used" my FreeBSD gateway as an smtp server to convince myself I had
been hacked, the smtp connection was somehow redirected to one of my
institution's mail servers (or at least that's what gmail's mail headers are
saying). Funny enough the same trick no longer works today, but then they're
currently upgrading lots of stuff around here so that's a different story.
Then when I used ftp to connect to my gateway and it came up with "frox
transparent proxy", someone had actually intercepted my connection and
forged/spoofed a reply. I know that because I went to the premises of my box,
unplugged everything and tried that trick again, successfully, from a
separate dial-up connection. Hey, nmap even told me my box had ports open
even though it wasn't even up!
I've never seen anything like this before, but I've notified my ISP. Remains
to be seen if they do anything about it...
Good to know you werent hacked, I have seen this before for at least one
dialup ISP, redirecting all smtp traffic via their smtp server(s)
presumably to stop spammers. (Confused me back at the time to see an exim
banner on what should be a sendmail server.) Havent heard about other
services having this kind of "transparent proxy" imposed but it doesnt
supprise me.
Vince
Anyway, long story short I'm glad I'm still secure and thanks to everyone who
helped me out and gave me advice.
--
Kilian Hagemann
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"