[Samba] ignoring malformed3 datagram packet
samba.20.andwin at spamgourmet.com
samba.20.andwin at spamgourmet.com
Fri Apr 18 02:44:19 MDT 2014
Just for the record: After some investigation I've found out that
these malformed packages originate from a service called 'NuTCRACKER'
on the Windows clients which seems to be installed along with products
from PTC.
Best regards
Andreas
On Wed, Apr 16, 2014 at 8:43 PM, Jeremy Allison - jra at samba.org
<samba.andwin.dacc010f26.jra#samba.org at ob.0sg.net> wrote:
> On Tue, Apr 15, 2014 at 08:21:08PM +0200, samba.20.andwin at spamgourmet.com wrote:
>> Hi,
>> after quite some testing I do now have my Samba4 setup in production
>> use. The setup mainly consists of an AD-Controller and an AD Member
>> Server which provides file shares to about 20 Windows 7 clients.
>> Everything is working well so far except for two somewhat 'special'
>> clients. For these I observe the following:
>>
>> 1) On the AD Member Server periodically (every hour) appears a message
>> in log.nmbd similar to the following for each of the two clients:
>>
>> [2014/04/15 13:47:46, 0] ../source3/nmbd/nmbd_packets.c:1289(process_dgram)
>> process_dgram: ignoring malformed3 (datasize = 494, len=408,
>> off=100) datagram packet sent to name MYDOM<00> from IP 192.168.0.107
>
> This is giving notice that someone sent an invalid, potentially
> dangerous packet from that IP address.
>
> if ((buf2 + len < dgram->data) || (buf2 + len > dgram->data + dgram->datasize)) {
> DEBUG(0,("process_dgram: ignoring malformed3 (datasize = %d, len=%d, off=%d) datagram \
> packet sent to name %s from IP %s\n",
>
> This might be an attack, or an error in the client.
> Investigate... Maybe a virus ?
>
> Jeremy.
>
More information about the samba
mailing list