Re: [Samba] Blocking internet access to Samba
Or maybe someone trying to netsend you some spam about cheap diplomas :)

[EMAIL PROTECTED] wrote:
> Brian Johnson wrote:
>> My samba.smbd log shows multiple entries such as:
>> [2002/10/30 10:30:04, 0] lib/access.c:check_access(323) Denied connection from (211.163.100.141)
>
> these are viruses / hackertools / hacker...
RE: [Samba] Blocking internet access to Samba
Yes, that's definitely coming from a different subnet. iptables handles it just fine if configured well. I use something like:

    -A INPUT # if coming from local subnet # -j localnet
    -A INPUT # if coming from external source # -j badnet
    -A badnet -p tcp -m tcp --dport 22 -j ACCEPT
    -A badnet -j DROP
    -A localnet -p tcp -m tcp --dport 22 -j ACCEPT
    -A localnet -p tcp -m tcp --dport 80 -j ACCEPT
    -A localnet -j samba
    -A localnet -j DROP
    -A samba -p tcp -m tcp --dport 139 -j ACCEPT
    -A samba -p udp -m udp --dport 137 -j ACCEPT
    -A samba -p udp -m udp --dport 138 -j ACCEPT
    -A samba -p tcp -m tcp --dport 901 -j ACCEPT # for swat

I hope this helps.

--Kaleb

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:samba-admin;lists.samba.org] On Behalf Of Brian Johnson
Sent: Wednesday, October 30, 2002 8:26 AM
To: [EMAIL PROTECTED]
Subject: [Samba] Blocking internet access to Samba

My samba.smbd log shows multiple entries such as:

[2002/10/30 10:30:04, 0] lib/access.c:check_access(323) Denied connection from (211.163.100.141)

They show up about every five minutes and are from a few different IP addresses.

I thought that my iptables configuration would block connection attempts from the internet - is that what these are?

My LAN ip range is 192.168.0.x

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
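A way to check the question raised in this thread, added here as an example and not code from any poster: it reads smbd log text, pulls out the "Denied connection from" entries, and separates sources inside the 192.168.0.x LAN from external ones. Any external address it reports reached smbd and was refused by Samba's own access check, so the firewall did not drop it. The sample log is constructed (only 211.163.100.141 and the timestamp format come from the thread), and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.0.0/24")  # LAN range stated in the thread

# Constructed sample: smbd's two-line layout plus the one-line form quoted above.
SAMPLE_LOG = """\
[2002/10/30 10:30:04, 0] lib/access.c:check_access(323)
  Denied connection from  (211.163.100.141)
[2002/10/30 10:31:10, 0] lib/access.c:check_access(323)
  Denied connection from  (192.168.0.57)
[2002/10/30 10:35:06, 0] lib/access.c:check_access(323)
  Denied connection from  (211.163.100.141)
[2002/10/30 10:36:40, 0] lib/access.c:check_access(323) Denied connection from (203.0.113.9)
[2002/10/30 10:37:00, 1] smbd/service.c:make_connection(550)
  connect to service public as user guest
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *\d+\]")
# Optional hostname before the parenthesised address.
DENIED = re.compile(r"Denied connection from\s+\S*\s*\(([^)\s]+)\)")


def denied_sources(log_text, lan=LAN):
    """Return {ip: {"external": bool, "times": [timestamps]}} for denied connections."""
    hits = defaultdict(lambda: {"external": None, "times": []})
    stamp = None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            stamp = header.group(1)  # message may follow on this line or the next
        denied = DENIED.search(line)
        if not denied:
            continue
        try:
            addr = ipaddress.ip_address(denied.group(1))
        except ValueError:
            continue  # not an IP literal; skip rather than guess
        entry = hits[str(addr)]
        entry["external"] = addr not in lan
        entry["times"].append(stamp)
    return dict(hits)


def external_only(log_text, lan=LAN):
    """External IPs that still reached smbd, with how often each was denied."""
    found = denied_sources(log_text, lan)
    return {ip: len(e["times"]) for ip, e in found.items() if e["external"]}
```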
[Samba] Blocking internet access to Samba
My samba.smbd log shows multiple entries such as:

[2002/10/30 10:30:04, 0] lib/access.c:check_access(323) Denied connection from (211.163.100.141)

They show up about every five minutes and are from a few different IP addresses.

I thought that my iptables configuration would block connection attempts from the internet - is that what these are?

My LAN ip range is 192.168.0.x
Re: [Samba] Blocking internet access to Samba
Kaleb Pederson wrote:
> Yes, that's definitely coming from a different subnet. iptables handles it just fine if configured well. I use something like:
>
>     -A INPUT # if coming from local subnet # -j localnet
>     -A INPUT # if coming from external source # -j badnet
>     -A badnet -p tcp -m tcp --dport 22 -j ACCEPT
>     -A badnet -j DROP
>     -A localnet -p tcp -m tcp --dport 22 -j ACCEPT
>     -A localnet -p tcp -m tcp --dport 80 -j ACCEPT
>     -A localnet -j samba
>     -A localnet -j DROP
>     -A samba -p tcp -m tcp --dport 139 -j ACCEPT
>     -A samba -p udp -m udp --dport 137 -j ACCEPT
>     -A samba -p udp -m udp --dport 138 -j ACCEPT
>     -A samba -p tcp -m tcp --dport 901 -j ACCEPT # for swat

And tcp 445, the new port that Win2k (and hence Samba 3.0) now uses. (Netbiosless SMB/CIFS)

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
Re: [Samba] Blocking internet access to Samba
On Wednesday 30 October 2002 12:53 pm, Andrew Bartlett wrote:
> Kaleb Pederson wrote:
>> snip
>
> And tcp 445, the new port that Win2k (and hence Samba 3.0) now uses. (Netbiosless SMB/CIFS)
>
> Andrew Bartlett

Doesn't it drop back to 139 (or one of the other ports) if it can't make a connection on (what I believe is the encrypted) port?

I'll certainly make sure it's added for samba-3.0, which I eagerly await ;)

--Kaleb
Re: [Samba] Blocking internet access to Samba
Kaleb Pederson wrote:
> On Wednesday 30 October 2002 12:53 pm, Andrew Bartlett wrote:
>> Kaleb Pederson wrote:
>>> snip
>>
>> And tcp 445, the new port that Win2k (and hence Samba 3.0) now uses. (Netbiosless SMB/CIFS)
>>
>> Andrew Bartlett
>
> Doesn't it drop back to 139 (or one of the other ports) if it can't make a connection on (what I believe is the encrypted) port?

There is very little that is 'encrypted' in SMB. It uses a challenge-response authentication scheme - but it has so many holes in it that you would be very unwise to put it anywhere you don't trust...

Samba does not support any SMB signing or SMB sealing at present.

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
Re: [Samba] Blocking internet access to Samba
Why do they use the same port as https?

Kaleb Pederson wrote:
> On Wednesday 30 October 2002 12:53 pm, Andrew Bartlett wrote:
>> Kaleb Pederson wrote:
>>> snip
>>
>> And tcp 445, the new port that Win2k (and hence Samba 3.0) now uses. (Netbiosless SMB/CIFS)
>>
>> Andrew Bartlett
>
> Doesn't it drop back to 139 (or one of the other ports) if it can't make a connection on (what I believe is the encrypted) port?
>
> I'll certainly make sure it's added for samba-3.0, which I eagerly await ;)
>
> --Kaleb
Re: [Samba] Blocking internet access to Samba
Nick wrote:
> Why do they use the same port as https?

No, that's 443. And don't try to run a non-smb server on 445: It really breaks MS clients badly...

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
Re: [Samba] Blocking internet access to Samba
On 08:13 AM 10/31/2002 +1100, Andrew Bartlett wrote:
> No, that's 443. And don't try to run a non-smb server on 445: It really breaks MS clients badly...

Yeah--having done that recently, myself, I can certainly attest to the screams of horror as Apache started... My contract!!! OMG--I was working on that client presentation ALL DAY! etc.. :)

(Well ok -- it wasn't *that* melodramatic.. but you get the drift :))

Glenn

---
Glenn E. Sieb
System Administrator
Lumeta Corporation
+1 732 357-3514 (V)
+1 732 564-0731 (Fax)