SMB server seems to be probing the net for shares

Hall, Ken (ECSS) KeHall at exchange.ml.com
Wed Feb 21 18:44:11 GMT 2001 

This is a VERY old problem.  Windows workstations do periodic DNS lookups for the WORKGROUP name.  If there's no local nameserver to resolve this lookup, and you're using something like a demand-dial internet router, it will trigger periodic dialouts, or keep the link up constantly.  

The solution is to set up a caching nameserver on your Samba box to catch DNS lookups, and forward unknowns to your ISP's nameserver.

> -----Original Message-----
> From:	Kenny [SMTP:kenny at hereintown.net]
> Sent:	Wednesday, February 21, 2001 12:34 PM
> To:	Mark McBride
> Cc:	samba at samba.org
> Subject:	RE: SMB server seems to be probing the net for shares
> 
> 
> Port 53 is used by named ... not Samba ... and Samba is probably trying to
> do hostname lookups on internal IPs to root servers ("random" IPs) ...
> 
> Kenny 
> 
> /*
> Meaning cannot be found in work or leisure but has to arise out of the
> nature of the activity itself. 
> */
> 
> On Wed, 21 Feb 2001, Mark McBride wrote:
> 
> > 
> > GGGGGEEEEEEEEEEEEZZZZZZZZZZ!!!!
> > OK - port 53 - duh...
> > 
> > Please ignore my previous message.
> > 
> > Sorry. (it's not easy being me)
> > -Mark
> > 
> > -----Original Message-----
> > From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]On
> > Behalf Of Mark McBride
> > Sent: Wednesday, February 21, 2001 11:30 AM
> > To: samba at samba.org
> > Subject: SMB server seems to be probing the net for shares
> > 
> > 
> > 
> > Hi,
> >    I happened to check the activity logs of my firewall and found that the
> > Samba server (our only linux box) is sending packets out to seemingly random
> > IP addresses on the 'net.  They are all directed to port 53, and are being
> > blocked at the firewall, but they're firing off at a rate of 1 every 5-10
> > seconds.  What gives?  Have I been hacked, or is this normal or configurable
> > behavior?
> > The box in question doesn't really run anything else and I'm the only one
> > with physical access to it.
> > 
> > Ideas or suggestions?
> > 
> > Thanks,
> > Mark
> > 
> > 
> > 
> > 
> > 
> > 
> 
>

More information about the samba mailing list