[SLUG] 7000+ /var/log/samba messages in 6 weeks (?!)

2003-12-15 Thread Nick Croft
Evening list, I've been extra preoccupied for the last couple of months. Today I took the time to look around and noticed a huge number of /var/log/samba messages, all of the form:
[2003/12/15 21:51:00, 1] smbd/service.c:make_connection(766) make_connections: refusing

Re: [SLUG] 7000+ /var/log/samba messages in 6 weeks (?!)

2003-12-15 Thread David Kempe
Nick Croft wrote:
Any help on a rule here would be much appreciated.
You have samba listening on an internet interface? Turn that one off... I think the directive is listen on, or bind to or something. It's just not a great idea to have samba listening on an internet interface if you can help it.

Re: [SLUG] 7000+ /var/log/samba messages in 6 weeks (?!)

2003-12-15 Thread Grant Parnell
Just backing up what David said... for example in /etc/samba/smb.conf
interfaces = 127.0.0.0/255.0.0.0 192.168.0.0/255.255.255.0
Also, block ports 137,138,139,445 udp tcp with the firewall. EG
iptables -A INPUT -i ppp0 -p udp --dport 137:139 -j DROP
iptables -A INPUT -i ppp0 -p udp --dport 445

Re: [SLUG] 7000+ /var/log/samba messages in 6 weeks (?!)

2003-12-15 Thread Torquemada
Hi, you should be firewalling ports 135-139 inclusive (not 137-139)
kind regards
Norman
On Tue, 16 Dec 2003, Grant Parnell wrote:
Just backing up what David said... for example in /etc/samba/smb.conf
interfaces = 127.0.0.0/255.0.0.0 192.168.0.0/255.255.255.0
Also, block ports

Re: [SLUG] 7000+ /var/log/samba messages in 6 weeks (?!)

2003-12-15 Thread Grant Parnell
On Tue, 16 Dec 2003, Torquemada wrote:
Hi, you should be firewalling ports 135-139 inclusive (not 137-139)
Hmm probably, they're not in my /etc/services file, do you know what they're for? (ie 135 136) Naturally I block everything and log attempts unless the customer requests

Re: [SLUG] 7000+ /var/log/samba messages in 6 weeks (?!)

2003-12-15 Thread Nick Croft
* Grant Parnell ([EMAIL PROTECTED]) wrote:
Just backing up what David said... Also, block ports 137,138,139,445 udp tcp with the firewall. EG
iptables -A INPUT -i ppp0 -p udp --dport 137:139 -j DROP
iptables -A INPUT -i ppp0 -p udp --dport 445 -j DROP
iptables -A INPUT -i ppp0 -p tcp

Re: [SLUG] 7000+ /var/log/samba messages in 6 weeks (?!)

2003-12-15 Thread John Clarke
On Tue, Dec 16, 2003 at 09:26:47 +1100, Grant Parnell wrote:
Hmm probably, they're not in my /etc/services file do you know what they're for? (ie 135 136)
Port 135 is Microsoft's DCE locator service, a service similar to the Sun RPC portmapper. It was the target of one of the recent worms.

Re: [SLUG] 7000+ /var/log/samba messages in 6 weeks (?!)

2003-12-15 Thread Torquemada
Howdy, everything to do with windows, just feels better blocking 135:139 and 445
ms names it for remote-procedure:
135/TCP RPC *
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q179/4/42.aspNoWebContent=1
my /etc/services file names
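
Added example, not part of any post in this thread: a small Python audit of the smb.conf advice given above (restrict `interfaces` to loopback and the LAN). The sample configs, the 203.0.113.10 address, the `bind interfaces only` check and the choice to treat `ppp0` (the interface named in the thread's iptables rules) as internet-facing are assumptions of this example.

```python
import ipaddress

# Internal ranges: loopback plus the RFC 1918 private blocks.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample configs (203.0.113.10 is a documentation address).
RESTRICTED = ("[global]\n interfaces = 127.0.0.0/255.0.0.0 192.168.0.0/255.255.255.0\n"
              " bind interfaces only = yes\n")
EXPOSED = "[global]\n workgroup = HOME\n interfaces = ppp0 203.0.113.10/24 192.168.0.1/24\n"

def global_params(conf_text):
    """Return {name: value} for [global]; smb.conf names ignore case and spaces."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.split()).lower()] = value.strip()
    return params

def audit(conf_text, external_ifaces=("ppp0",)):
    """Return a list of findings; an empty list means nothing was flagged."""
    p = global_params(conf_text)
    findings = []
    if p.get("bindinterfacesonly", "no").lower() not in ("yes", "true", "1"):
        findings.append("'bind interfaces only' is off: smbd still listens on every address")
    entries = p.get("interfaces", "").split()
    if not entries:
        findings.append("no 'interfaces' line: Samba uses every broadcast-capable interface")
    for entry in entries:
        try:
            # strict=False accepts host/prefix and dotted masks like /255.255.255.0
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Not an address, so treat it as an interface name (eth0, ppp0, ...).
            if entry.strip('"') in external_ifaces:
                findings.append(f"interface {entry} is treated as internet-facing")
            continue
        if not any(net.version == r.version and net.subnet_of(r) for r in INTERNAL):
            findings.append(f"{entry} is outside loopback/RFC 1918 space")
    return findings

if __name__ == "__main__":
    for name, conf in (("RESTRICTED", RESTRICTED), ("EXPOSED", EXPOSED)):
        print(name, audit(conf) or "nothing flagged")
```

The firewall rules discussed in the thread remain a separate layer: this check only covers which addresses Samba itself is configured to serve.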