RE: [Samba] Samba tries to contact external IP ?
Andreas Moroder
andreas.moroder at sb-brixen.it
Wed Aug 7 23:04:47 GMT 2002
Hello Uli,
the packets are TCP. Our PIX does not give alarms about packets trying to come in,
so it looks like our machine is the culprit.
The debug of a few of these packets gives me the following output. I hope you can
extract the necessary information.
Many thanks
Andreas Moroder
PixBrixen# --------- PACKET ---------
-- IP --
eliot_gate ==> 209.67.79.132
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x3c
id = 0xbc1a flags = 0x40 frag off=0x0
ttl = 0x3f proto=0x6 chksum = 0x4f99
-- TCP --
source port = 0xaaf7 dest port = 0x1bdsyn
seq = 0x6f8f7a86
ack = 0x0
hlen = 0xa window = 0x16d0
checksum = 0x8820 urg = 0x0
tcp options: 0x2 0x4 0x5 0xb4
0x4 0x2 0x8 0xa 0x1b 0xa7 0xc6 0x9c
0x0 0x0 0x0 0x0 0x1 0x3 0x3 0x0
--------- END OF PACKET ---------
--------- PACKET ---------
-- IP --
eliot_gate ==> 209.67.79.132
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x3c
id = 0xbc1b flags = 0x40 frag off=0x0
ttl = 0x3f proto=0x6 chksum = 0x4f98
-- TCP --
source port = 0xaaf7 dest port = 0x1bdsyn
seq = 0x6f8f7a86
ack = 0x0
hlen = 0xa window = 0x16d0
checksum = 0x86f4 urg = 0x0
tcp options: 0x2 0x4 0x5 0xb4
0x4 0x2 0x8 0xa 0x1b 0xa7 0xc7 0xc8
0x0 0x0 0x0 0x0 0x1 0x3 0x3 0x0
--------- END OF PACKET ---------
--------- PACKET ---------
-- IP --
eliot_gate ==> 209.67.79.132
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x3c
id = 0xbc1c flags = 0x40 frag off=0x0
ttl = 0x3f proto=0x6 chksum = 0x4f97
-- TCP --
source port = 0xaaf7 dest port = 0x1bdsyn
seq = 0x6f8f7a86
ack = 0x0
hlen = 0xa window = 0x16d0
checksum = 0x849c urg = 0x0
tcp options: 0x2 0x4 0x5 0xb4
0x4 0x2 0x8 0xa 0x1b 0xa7 0xca 0x20
0x0 0x0 0x0 0x0 0x1 0x3 0x3 0x0
--------- END OF PACKET ---------
--------- PACKET ---------
-- IP --
eliot_gate ==> 209.67.79.132
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x3c
id = 0x52df flags = 0x40 frag off=0x0
ttl = 0x3f proto=0x6 chksum = 0xb8d4
-- TCP --
source port = 0xaaf8 dest port = 0x8bsyn
seq = 0x71839c7b
ack = 0x0
hlen = 0xa window = 0x16d0
checksum = 0x5d60 urg = 0x0
tcp options: 0x2 0x4 0x5 0xb4
0x4 0x2 0x8 0xa 0x1b 0xa7 0xce 0xa4
0x0 0x0 0x0 0x0 0x1 0x3 0x3 0x0
--------- END OF PACKET ---------
--------- PACKET ---------
-- IP --
eliot_gate ==> 209.67.79.132
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x3c
id = 0x52e0 flags = 0x40 frag off=0x0
ttl = 0x3f proto=0x6 chksum = 0xb8d3
-- TCP --
source port = 0xaaf8 dest port = 0x8bsyn
seq = 0x71839c7b
ack = 0x0
hlen = 0xa window = 0x16d0
checksum = 0x5c34 urg = 0x0
tcp options: 0x2 0x4 0x5 0xb4
0x4 0x2 0x8 0xa 0x1b 0xa7 0xcf 0xd0
0x0 0x0 0x0 0x0 0x1 0x3 0x3 0x0
--------- END OF PACKET ---------
--------- PACKET ---------
-- IP --
eliot_gate ==> 209.67.79.132
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x3c
id = 0x52e1 flags = 0x40 frag off=0x0
ttl = 0x3f proto=0x6 chksum = 0xb8d2
-- TCP --
source port = 0xaaf8 dest port = 0x8bsyn
seq = 0x71839c7b
ack = 0x0
hlen = 0xa window = 0x16d0
checksum = 0x59dc urg = 0x0
tcp options: 0x2 0x4 0x5 0xb4
0x4 0x2 0x8 0xa 0x1b 0xa7 0xd2 0x28
0x0 0x0 0x0 0x0 0x1 0x3 0x3 0x0
--------- END OF PACKET ---------
Quoting Uli Luckas <Uli.Luckas at abakusag.de>:
> Hi Andreas,
> what kind of packet is logged, TCP or UDP? Does it have the SYN bit set? If
> not, or if it is a SYN,ACK packet someone contacted your server through the
> firewall and your server tries to proceed with the handshake procedure.
>
> Uli
>
> > -----Original Message-----
> > From: Andreas Moroder [mailto:andreas.moroder at sb-brixen.it]
> > Sent: Tuesday, 6 August 2002 09:21
> > To: samba at lists.samba.org
> > Subject: [Samba] Samba tries to contact external IP ?
> >
> >
> > Hello,
> >
> > our firewall warns me that our server, where samba 2.2.3 pre runs, tries at
> > random intervals to contact a machine at 209.67.79.132. Because the ports are
> > 445 and 139 I think it must be smbd or nmbd that sends these packets.
> >
> > In smb.conf I find no entry with this address.
> >
> > Can anyone explain to me why (and if) samba does this?
> >
> > Thank you very much
> >
> > Andreas Moroder
> >
> > P.S. If possible please answer also direct via e-mail
> >
> >
> >
> > --------------------------------------------------------
> > Dr. Andreas Moroder
> > Sanitätsbetrieb Brixen - Azienda Sanitaria di Bressanone
> > www.sb-brixen.it - www.as-bressanone.it
> >
> >
>
>
--------------------------------------------------------
Dr. Andreas Moroder
Sanitätsbetrieb Brixen - Azienda Sanitaria di Bressanone
www.sb-brixen.it - www.as-bressanone.it
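
Added example (not part of the original messages): a short Python parser for the PIX debug output above that applies the SYN / SYN,ACK rule from Uli's reply and counts repeated SYNs. The first two sample packets are copied from the post in abridged form; the third packet, its address 192.0.2.10 and the spaced `syn ack` flag spelling are constructed assumptions.

```python
import re
from collections import Counter

# Packets 1-2: abridged from the post. Packet 3: constructed SYN,ACK case.
SAMPLE = """\
--------- PACKET ---------
eliot_gate ==> 209.67.79.132
ttl = 0x3f proto=0x6 chksum = 0x4f99
source port = 0xaaf7 dest port = 0x1bdsyn
seq = 0x6f8f7a86
--------- PACKET ---------
eliot_gate ==> 209.67.79.132
ttl = 0x3f proto=0x6 chksum = 0x4f98
source port = 0xaaf7 dest port = 0x1bdsyn
seq = 0x6f8f7a86
--------- PACKET ---------
eliot_gate ==> 192.0.2.10
ttl = 0x3f proto=0x6 chksum = 0x0
source port = 0x8b dest port = 0x4d2 syn ack
seq = 0x1
"""

# The flag word can be glued to the port ("0x1bdsyn"), so the port match is
# lazy and the flag names are spelled out (the name list is an assumption).
PORT_RE = re.compile(r"source port = 0x([0-9a-f]+)\s+dest port = 0x([0-9a-f]+?)"
                     r"[ \t]*((?:(?:syn|ack|fin|rst|psh|urg)[ \t]*)*)$", re.M)

def parse(dump):
    """Return one dict per packet with decoded ports, flags and sequence."""
    pkts = []
    for block in dump.split("--------- PACKET ---------")[1:]:
        src, dst = re.search(r"(\S+) ==> (\S+)", block).groups()
        proto = int(re.search(r"proto=0x([0-9a-f]+)", block).group(1), 16)
        sport, dport, flags = PORT_RE.search(block).groups()
        seq = int(re.search(r"^seq = 0x([0-9a-f]+)", block, re.M).group(1), 16)
        pkts.append({"src": src, "dst": dst, "proto": proto, "seq": seq,
                     "sport": int(sport, 16), "dport": int(dport, 16),
                     "flags": set(flags.split())})
    return pkts

def role(pkt):
    """Bare SYN: src opened the connection. SYN,ACK or no SYN: src answers."""
    if pkt["proto"] != 6:
        return "not TCP"
    bare_syn = "syn" in pkt["flags"] and "ack" not in pkt["flags"]
    return "initiator" if bare_syn else "answering"

def syn_attempts(pkts):
    """Count bare SYNs per (dst, dport, seq); >1 means a retransmitted SYN."""
    return Counter((p["dst"], p["dport"], p["seq"])
                   for p in pkts if role(p) == "initiator")
```

Run over all six packets in the post, this reports eliot_gate as the initiator each time: three SYNs sharing one sequence number to port 445, then three sharing another to port 139.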