Checking the iptables rules whilst working on the firewall, I found these crazy rules in the acctboth chain:
tcp -- chaos.xenophase.net anywhere tcp dpt:http
tcp -- anywhere chaos.xenophase.net tcp spt:http
tcp -- chaos.xenophase.net anywhere tcp dpt:smtp
tcp -- anywhere chaos.xenophase.net tcp spt:smtp
tcp -- chaos.xenophase.net anywhere tcp dpt:pop3
tcp -- anywhere chaos.xenophase.net tcp spt:pop3
icmp -- chaos.xenophase.net anywhere
icmp -- anywhere chaos.xenophase.net
tcp -- chaos.xenophase.net anywhere
tcp -- anywhere chaos.xenophase.net
udp -- chaos.xenophase.net anywhere
udp -- anywhere chaos.xenophase.net
all -- chaos.xenophase.net anywhere
all -- anywhere chaos.xenophase.net
tcp -- ftp.striked.org anywhere tcp dpt:http
tcp -- anywhere ftp.striked.org tcp spt:http
tcp -- ftp.striked.org anywhere tcp dpt:smtp
tcp -- anywhere ftp.striked.org tcp spt:smtp
tcp -- ftp.striked.org anywhere tcp dpt:pop3
tcp -- anywhere ftp.striked.org tcp spt:pop3
icmp -- ftp.striked.org anywhere
icmp -- anywhere ftp.striked.org
tcp -- ftp.striked.org anywhere
tcp -- anywhere ftp.striked.org
udp -- ftp.striked.org anywhere
udp -- anywhere ftp.striked.org
all -- ftp.striked.org anywhere
all -- anywhere ftp.striked.org
I must say I'm not too happy they're there, apparently I'm taking care of mail for these slackers. I've banned their IP from the server outright, and poking around, have discovered that these lines get loaded when bandmin is executed.
Not being an expert at these things, and my resident expert being away - this needs to get taken care of asap - any help goes most appreciated.
Cordially.
Alexandre
