[lug] Getting hacked through Samba?

Nate Duehr nate at natetech.com
Fri Dec 31 13:22:08 MST 1999


Sounds like portscanning to me.  Load something like "snort" or any
of the other portscan detectors out there.  Fire up ipchains and
block access to the samba ports from anything outside your local
network... etc etc etc.

Good luck!

On Thu, Dec 30, 1999 at 09:18:54AM -0700, Chip Atkinson wrote:

> I was going through /var/log and noticed an interesting file.  It was
> samba-log.ralph and samba-log.starwolf.  The thing is that there are no
> machines with the names ralph or starwolf on my network.  The date of the
> ralph file is yesterday at 6:06 am, at which time I can assure you
> legitimate no sysadmin stuff was going on. 
> 
> The contents of the ralph file is one line saying 
> Closing connections
> The starwolf file is 8 lines of the same.

-- 
Nate Duehr <nate at natetech.com>

GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/19991231/5168471e/attachment.pgp>


More information about the LUG mailing list