# Potential Security Concern



## rdlfree (Jul 17, 2012)

I have brought this up before, but this is different. Does anyone know why a default FreeBSD 9.0-RELEASE-p3 (FreeBSD 9.0-RELEASE-p3 #0: Tue Jun 12 02:52:29 UTC 2012) with Gnome2 running seeks a foreign (to me) IP address (i.e. 147.229.9.40)? The issue is that my UNIX box seeks this address with no network apps running. My previous issue was related to the Gnome-applet; this is different and solved.

The log rule is default drop, and here is the log:


> Jul 17 15:55:44 kernel: ipfw: 299 Deny TCP 10.255.0.222:33815 147.229.9.40:80 out via em0
> Jul 17 15:56:03    last message repeated 4 times
> Jul 17 15:57:37    last message repeated 3 times
> Jul 17 16:02:57    last message repeated 5 times



The contact point of the IP address is (whois):


> person:         Vladimir Zahorik
> address:        Brno University of Technology
> address:        Center of Computing and Information Services
> address:        Antoninska 1
> ...



And here is the output of lsof -i:


> COMMAND    PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
> gnome-ses 1666         7u  IPv6 --Removed---------      0t0  TCP *:33768 (LISTEN)
> gnome-ses 1666         8u  IPv4 --Removed---------      0t0  TCP *:12263 (LISTEN)
> gnome-ses 1666         7u  IPv6 --Removed---------      0t0  TCP *:33768 (LISTEN)
> ...



and here is the output of netstat -i:


> Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
> em0    1500 <Link#1>       --Removed--          2223     0     0     2054     0     0
> em0    1500 --Removed--    --Removed--          2153     -     -     2031     -     -
> usbus     0 <Link#2>                               0     0     0        0     0     0
> ...


----------



## SNK (Jul 18, 2012)

That IP belongs to update3.FreeBSD.org.

Might want to run
`# freebsd-update install`
to tie up possible loose ends.


----------



## rdlfree (Jul 19, 2012)

*Close Concern*

Thanks.:\


----------
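An added example, not part of any post in the thread: a small Python tally of ipfw deny lines like those quoted in the first post, expanding syslog's "last message repeated N times" lines so each destination shows its real attempt count. The first four sample lines are the ones from the thread; the final UDP line, the function name and the key layout are constructed for illustration, and the code assumes the excerpt has not had other syslog messages filtered out between an ipfw line and its repeat lines.

```python
import re
from collections import Counter

# Lines 1-4 are the log lines quoted in the thread; line 5 is constructed.
SAMPLE = """\
Jul 17 15:55:44 kernel: ipfw: 299 Deny TCP 10.255.0.222:33815 147.229.9.40:80 out via em0
Jul 17 15:56:03    last message repeated 4 times
Jul 17 15:57:37    last message repeated 3 times
Jul 17 16:02:57    last message repeated 5 times
Jul 17 16:03:10 kernel: ipfw: 299 Deny UDP 10.255.0.222:5353 192.0.2.7:5353 out via em0
"""

IPFW = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)
REPEAT = re.compile(r"last message repeated (\d+) times?")


def tally_denies(text):
    """Count denied packets per (rule, proto, dst, dport, direction).

    syslog collapses identical consecutive messages into
    'last message repeated N times', so those lines are added to the
    most recent ipfw entry instead of being ignored.
    """
    counts = Counter()
    last_key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = IPFW.search(line)
        if m:
            if m["action"] == "Deny":
                last_key = (int(m["rule"]), m["proto"], m["dst"],
                            int(m["dport"]), m["dir"])
                counts[last_key] += 1
            else:
                last_key = None
            continue
        r = REPEAT.search(line)
        if r and last_key is not None:
            counts[last_key] += int(r.group(1))
        elif not r:
            last_key = None  # an unrelated message ends the repeat chain
    return counts


if __name__ == "__main__":
    for key, n in tally_denies(SAMPLE).most_common():
        print(n, key)
```

The destinations at the top of the tally are the ones worth identifying first, for example with the whois lookup used in the first post.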

