I’m trying a Beaglebone Black with the latest image downloaded from here:
Debian image for BeagleBone Black using external microSD Kernel: 5.10.168-ti-r71 U-Boot: v2022.04 default username:password is [debian:temppwd] For flashing instructions or other images, see https://forum.beagleboard . org/t/debian-11-x-bullseye-monthly-snapshot-2023-09-02/31280
Looking at the TCP interface with Wireshark I see that the module tries to automatically connect to port 25 and send emails to random mail servers every 30 seconds.
Has anyone had my problem?
Marioles:
The module works well
Which module? I’m trying to think, what software package automatically sends packets over 25 this day and age…
P. S. the IP address of the board is 192.168.1.14
The module is BeagleBone Black with serial number 3914BBBK2833.
Wireshark Beaglebone Black.pcapng (2,5 MB)
These files are Wireshark capture on TCP port
okay, module = beaglebone black, here i thought it was something else you plugged in…
nc localhost -v 25
Regards,
But I think is a Server SMTP no client . It can not send Email
RobertCNelson:
nc localhost -v 25
whith Nmap I can see port 25 open ssh
i’m checking the image, console, iot or xfce?
Regards,
RobertCNelson:
iot or xfce
Sorry before i 've confused port 25 with port 22
Correct 22 is open, for ssh access…
So is port 25 sending emails by default, and which image, so i can disable/kill it…
Regards,
Is that out of the box image?
Was your board locked down before/while connected to the internet?
That would not be an isssue locally, make sure your gateway is blocking 22 inbound from the internet.
How can I disable/Kill port 25 ?
At this point, pull the board from your network.
Are you in the Netherlads?
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See https://apps.db.ripe.net/docs/HTML-Terms-And-Conditions
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '185.183.33.0 - 185.183.33.255'
% Abuse contact for '185.183.33.0 - 185.183.33.255' is 'abuse@worldstream.nl'
inetnum: 185.183.33.0 - 185.183.33.255
netname: WORLDSTREAM
country: NL
admin-c: WS1670-RIPE
tech-c: WS1670-RIPE
status: ASSIGNED PA
mnt-by: MNT-WORLDSTREAM
mnt-domains: MNT-WORLDSTREAM
mnt-routes: MNT-WORLDSTREAM
created: 2019-02-05T09:20:16Z
last-modified: 2019-02-05T09:20:16Z
source: RIPE # Filtered
role: WORLDSTREAM DBM
address: Industriestraat 24
address: 2671CT NAALDWIJK
address: The Netherlands
phone: +31174712117
abuse-mailbox: abuse@worldstream.nl
admin-c: DV1495-RIPE
tech-c: DV1495-RIPE
nic-hdl: WS1670-RIPE
mnt-by: MNT-WORLDSTREAM
created: 2008-05-15T09:52:38Z
last-modified: 2013-08-20T11:17:59Z
source: RIPE # Filtered
% Information related to '185.183.33.0/24AS49981'
route: 185.183.33.0/24
origin: AS49981
remarks: ------------------------------------------------
remarks: Abuse notifications to: abuse@worldstream.nl
remarks: ------------------------------------------------
mnt-by: MNT-WORLDSTREAM
created: 2022-11-22T09:53:05Z
last-modified: 2022-11-22T09:53:05Z
source: RIPE
After pulllng the board continue PCAP and see what else is going on.
ufw… UncomplicatedFirewall - Ubuntu Wiki
but still an out of box image should not be sending emails over port 25, please let us know exactly what image it was… File name…
Regards,
Tomorrow i’ll repeat flash immage and write you the result
AM335x 11.7 2023-09-02 4GB microSD IoT
Kernel: 5.10.168-ti-r71Debian 11.x (Bullseye) - Monthly Snapshot - 2023-10-07
I uploaded and tested this morninghttps://rcn-ee.net/rootfs/release/2023-09-02/bullseye-iot-armhf/am335x-debian-11.7-iot-armhf-2023-09-02-4gb . img.xz
I edited the file
car eth0
to have static IP
Unfortunately, everything is as before
I will now try to buy a new BeagleBone Black and repeat all the tests
Regards
