SMB server seems to be probing the net for shares
Hall, Ken (ECSS)
KeHall at exchange.ml.com
Wed Feb 21 18:44:11 GMT 2001
This is a VERY old problem. Windows workstations do periodic DNS lookups for the WORKGROUP name. If there's no local nameserver to resolve this lookup, and you're using something like a demand-dial internet router, it will trigger periodic dialouts, or keep the link up constantly.
The solution is to set up a caching nameserver on your Samba box to catch DNS lookups, and forward unknowns to your ISP's nameserver.
> -----Original Message-----
> From: Kenny [SMTP:kenny at hereintown.net]
> Sent: Wednesday, February 21, 2001 12:34 PM
> To: Mark McBride
> Cc: samba at samba.org
> Subject: RE: SMB server seems to be probing the net for shares
>
>
> Port 53 is used by named ... not Samba ... and Samba is probably trying to
> do hostname lookups on internal IPs to root servers ("random" IPs) ...
>
> Kenny
>
> /*
> Meaning cannot be found in work or leisure but has to arise out of the
> nature of the activity itself.
> */
>
> On Wed, 21 Feb 2001, Mark McBride wrote:
>
> >
> > GGGGGEEEEEEEEEEEEZZZZZZZZZZ!!!!
> > OK - port 53 - duh...
> >
> > Please ignore my previous message.
> >
> > Sorry. (it's not easy being me)
> > -Mark
> >
> > -----Original Message-----
> > From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]On
> > Behalf Of Mark McBride
> > Sent: Wednesday, February 21, 2001 11:30 AM
> > To: samba at samba.org
> > Subject: SMB server seems to be probing the net for shares
> >
> >
> >
> > Hi,
> > I happened to check the activity logs of my firewall and found that the
> > Samba server (our only linux box) is sending packets out to seemingly random
> > IP addresses on the 'net. They are all directed to port 53, and are being
> > blocked at the firewall, but they're firing off at a rate of 1 every 5-10
> > seconds. What gives? Have I been hacked, or is this normal or configurable
> > behavior?
> > The box in question doesn't really run anything else and I'm the only one
> > with physical access to it.
> >
> > Ideas or suggestions?
> >
> > Thanks,
> > Mark
> >
> >
> >
> >
> >
> >
>
>
More information about the samba
mailing list