Determining client IP address in failed connections
Xavi Serrano
xserrano+samba at ac.upc.es
Fri Jul 12 10:18:51 GMT 2002
Hello all,
Anyone knows if there is an easy way to determine the IP address
of a client who is trying to connect unsuccessfully? The client
is providing an invalid login name. The error logs are like these:
[2002/07/12 09:28:18, 1] smbd/password.c:pass_check_smb(545)
Couldn't find user 'foo' in passdb.
[2002/07/12 09:28:18, 1] smbd/password.c:pass_check_smb(545)
Couldn't find user 'foo' in passdb.
[2002/07/12 09:28:18, 1] smbd/reply.c:reply_sesssetup_and_X(989)
Rejecting user 'foo': authentication failed
I am using samba version 2.2.4 in a RedHat Linux box.
Browsing the source at smbd/reply.c I see no possibility to include
source IP address in the log message (connection_struct *conn is NULL
at this point). Neither it is possible at smbd/password.c.
I think this feature is pretty interesting to determine where some
kinds of attacks are coming from (especially the ones trying to guess
privileged accounts and their passwords in a samba server).
Any comments will be much appreciated.
Best regards,
- Xavi.
P.S.: Sorry if this has been posted before. Please include a reference
if so. Thanks a lot.
More information about the samba-technical
mailing list