I noticed I got a strange connection from what seems to be a user in Italy?!? and he connected to my SMB client maybe??
I'm assuming the errors in his logfile ( http://68.48.247.187/log.gustavo.txt ) not finding the service.c file are because he is being denied access.. but how is he connecting in the first place.. And why isn't he being refused by my server's hosts.deny file...?
I have about 6 of these rogue logs with different connect names being used.. what can I do to clear this up??
Also on a side note, any of you know what the deal is with the martian messages my kernel is getting??
Or how to stop them?? They appeared right after a connection attempt by Gustavo.. I've attached a sample.. there are about 200-500 of them:
Nov 14 04:40:00 server CROND[20451]: (root) CMD ( /usr/share/msec/promisc_check.sh)
Nov 14 04:40:14 server smbd[20459]: [2002/11/14 04:40:14, 0] smbd/service.c:make_connection(248)
Nov 14 04:40:14 server smbd[20459]: gustavo (195.250.245.176) couldn't find service c
Nov 14 04:40:28 server kernel: martian source 169.254.191.7 from 169.254.191.7, on dev eth1
Nov 14 04:40:28 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:06
Nov 14 04:40:28 server kernel: martian source 169.254.191.7 from 169.254.191.7, on dev eth1
Nov 14 04:40:28 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:06
Nov 14 04:40:29 server kernel: martian source 169.254.191.7 from 169.254.191.7, on dev eth1
Nov 14 04:40:29 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:06
Nov 14 04:40:30 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:30 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:30 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:30 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:31 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:31 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:31 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:31 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:31 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:31 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:31 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:31 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:32 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:32 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:33 server kernel: NET: 1 messages suppressed.
Nov 14 04:40:33 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:33 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:38 server kernel: NET: 13 messages suppressed.
Nov 14 04:40:38 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:38 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:43 server kernel: NET: 4 messages suppressed.
Nov 14 04:40:43 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:43 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:48 server kernel: NET: 3 messages suppressed.
Nov 14 04:40:48 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:48 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:53 server kernel: NET: 6 messages suppressed.
Nov 14 04:40:53 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:53 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:58 server kernel: NET: 9 messages suppressed.
Nov 14 04:40:58 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:58 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:41:00 server CROND[20461]: (root) CMD ( /usr/share/msec/promisc_check.sh)
Nov 14 04:41:55 server kernel: NET: 1 messages suppressed.
Nov 14 04:41:55 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:41:55 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:42:00 server CROND[20470]: (root) CMD ( /usr/share/msec/promisc_check.sh)
Any help would be appreciated.. just email me please.. [EMAIL PROTECTED]
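
An added triage example, not part of the original post: it pairs each kernel "martian source" line with the "ll header" line that follows it and decodes the 14-byte Ethernet header into destination MAC, source MAC and EtherType. The function names are made up for this example, and the sample input is four lines copied from the log above; it relies on the kernel printing the packet's destination address first and its source address second.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: four lines copied from the log in the post above.
SAMPLE = """\
Nov 14 04:40:28 server kernel: martian source 169.254.191.7 from 169.254.191.7, on dev eth1
Nov 14 04:40:28 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:06
Nov 14 04:40:30 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:30 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
"""

MARTIAN = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
LL_HDR = re.compile(r"ll header: ((?:[0-9a-f]{2}:){13}[0-9a-f]{2})")
ETHERTYPES = {"0800": "IPv4", "0806": "ARP"}
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # RFC 3927 autoconfiguration range


def parse_martians(text):
    """Pair each 'martian source' line with the 'll header' line that follows it."""
    events, pending = [], None
    for line in text.splitlines():
        m = MARTIAN.search(line)
        if m:
            # The kernel prints the packet's destination first, then its source.
            pending = {"dst_ip": m.group(1), "src_ip": m.group(2), "dev": m.group(3)}
            continue
        h = LL_HDR.search(line)
        if h and pending:
            b = h.group(1).split(":")  # 14-byte Ethernet header
            pending["dst_mac"] = ":".join(b[0:6])
            pending["src_mac"] = ":".join(b[6:12])
            pending["proto"] = ETHERTYPES.get("".join(b[12:14]), "other")
            src = ipaddress.ip_address(pending["src_ip"])
            pending["link_local_src"] = src in LINK_LOCAL
            events.append(pending)
            pending = None
    return events


def summarize(events):
    """Count events per (source MAC, source IP, interface, protocol)."""
    return Counter((e["src_mac"], e["src_ip"], e["dev"], e["proto"]) for e in events)


if __name__ == "__main__":
    for key, n in summarize(parse_martians(SAMPLE)).items():
        print(n, *key)
```

On the sample, every frame is an Ethernet broadcast from one source MAC with a 169.254.0.0/16 source address, first as ARP and then as IPv4. Link-local addresses are not routed and broadcast frames stay on the local segment, so the source MAC on eth1 is the value to trace.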