Log question - Did I get hacked?

[thejestre]

Hello all,

I noticed my FreeNAS box's Ethernet port LEDs have been flashing all morning long, but I am not transferring any data 8(. I found the following in the console messages:

Code:

Nov 12 03:01:01 Fatty sudo:     root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/etc/find_alias_for_smtplib.py -i root
Nov 12 03:01:01 Fatty sudo:     root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/etc/find_alias_for_smtplib.py -i root

Thanks for helping a noob out.

_theJestre

 

[tingo]

Nope, that is from a standard job that comes with FreeNAS:

Code:

tingo@kg-f3$ ls -l /etc/fin*
-rwxr-xr-x  1 root  wheel  3284 Jun 11 19:01 /etc/find_alias_for_smtplib.py
tingo@kg-f3$ head /etc/find_alias_for_smtplib.py
#!/usr/local/bin/python

import argparse
import email
import email.parser
import re
import sys

from django.core.management import setup_environ
from django.utils.translation import ugettext_lazy as _

 

[jgreco]

Ethernet can be a chatty protocol and lights flashing don't necessarily relate to any NAS file transfer activity. Your hardware doesn't care if the packets are CIFS/NFS/iSCSI or if it's an ARP answer, your transmit LED will flash. Depending on the hardware, it isn't all that uncommon to flash on receiving packets either, and there are a lot of broadcast protocols these days. If you want to find out what it's seeing, try "tcpdump -n". You'll probably find it to be something like DLNA or Bonjour or some other noisy protocol designed by someone who wanted to make your network require less manual configuration (which is nice for regular users but is a problem for advanced users). Or it could be a protocol you're actually using, like CIFS, that's just chatty in an unexpected way.