Open question on security and 2.0.6

Henri J. Schlereth henris at neandertal.org
Fri Feb 18 08:06:10 GMT 2000


I was working on a configuration issue on my smb.conf and was looking
through log.smb to find any error messages. While I did that (and fixed
that particular problem BTW) I came across the following:

log.smb:  Connection denied from 210.8.103.146
log.smb:  Connection denied from 206.222.222.3

This would indicate to me that someone was trying to access
smbd across the Internet. Now I have all kinds of lovely little
breadcrumb traps that not only deny access to other processes and
ports but also send me a kind little warning email that someone
has been nosing around my system. 
But this sort of thing has evidently escaped me for some time.
I understand I could get this logged to syslog as well but that
doesn't give me any notification that something is going on. I could
also write a cron job that scans these files but why isn't there
some sort of alarm flag raised? The host allow/deny stuff is set
to where no one can get in and samba is bound only to interfaces
internally.

Any other suggestions?

Henri J. Schlereth

-- 
-------------------------------------------------------------
"All data leaves a trail. The search for data leaves a trail.
The erasure of data leaves a trail. The absence of data, under
the right circumstances, can leave the clearest trail of all-
Dr Kio Masada"
-------------------------------------------------------------
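
The cron-job scan mentioned in the post, as an added example that is not part of the original message or of Samba: it reads only the lines appended to log.smb since the previous run and summarises "Connection denied from" entries per source. The function names, the state file and the paths in the usage comment are assumptions; the message format is the one quoted in the post.

```python
import os
import re
from collections import Counter

# Message format as quoted in the post: "Connection denied from <address>"
DENIED = re.compile(r"Connection denied from (\S+)")

def scan_new_denials(log_path, state_path):
    """Count denied sources in log lines appended since the previous run."""
    try:
        with open(state_path) as fh:
            offset = int(fh.read().strip() or 0)
    except (FileNotFoundError, ValueError):
        offset = 0  # first run or unreadable state: scan the whole file
    if offset > os.path.getsize(log_path):
        offset = 0  # log was rotated or truncated: start from the top
    with open(log_path, "rb") as fh:
        fh.seek(offset)
        chunk = fh.read()
    # Consume complete lines only; a partial last line waits for the next run
    end = chunk.rfind(b"\n") + 1
    text = chunk[:end].decode("utf-8", errors="replace")
    with open(state_path, "w") as fh:
        fh.write(str(offset + end))
    return Counter(DENIED.findall(text))

def format_alert(counts):
    """Return a mail-ready summary, or an empty string when nothing is new."""
    if not counts:
        return ""
    lines = [f"{n:4d}  {src}" for src, n in counts.most_common()]
    return "smbd denied connections since last run:\n" + "\n".join(lines)

if __name__ == "__main__":
    import sys
    # Hypothetical cron usage (paths are assumptions):
    #   smb_denied.py /var/log/samba/log.smb /var/tmp/smb_denied.offset
    alert = format_alert(scan_new_denials(sys.argv[1], sys.argv[2]))
    if alert:
        print(alert)  # cron mails any output to the job's owner
```

Because the script prints nothing when there are no new denials, a cron entry running it produces mail only when smbd has refused a connection since the last run.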

