AW: AW: [Samba] Samba tries to contact external IP ?

Uli Luckas Uli.Luckas at abakusag.de
Mon Aug 12 04:27:13 GMT 2002


Hi Andreas,
I have problems interpreting the PIX output.

> -----Original Message-----
> From: Andreas Moroder [mailto:andreas.moroder at sb-brixen.it]
> Sent: Thursday, 8 August 2002 07:56
> To: Uli Luckas
> Cc: samba at lists.samba.org
> Subject: Re: AW: [Samba] Samba tries to contact external IP ?
> 
> 
> Hello Uli,
> 
> the packets are TCP. Our PIX does not give alarms about packets 
> trying to come in,
> so it looks like our machine is the culprit. 
Well, if the packet slipped through some configuration error or Cisco bug it
would most likely not be logged either ;-) Maybe someone inside your
firewall thinks it's funny to contact your samba server with an external IP?
Of course the return packets would be routed to the firewall.
Anyway, all just guessing. If only I knew whether the packets in your log
are SYN packets...


> The debug of a few of these packets gives me the following 
> output. I hope you can
> extract the necessary information.
> 
> Many thanks
> Andreas Moroder
> 
> PixBrixen# --------- PACKET ---------
> 
> -- IP --
> eliot_gate      ==>     209.67.79.132
> 
>         ver = 0x4       hlen = 0x5      tos = 0x0       tlen = 0x3c
>         id = 0xbc1a     flags = 0x40    frag off=0x0
>         ttl = 0x3f      proto=0x6       chksum = 0x4f99
> 
>         -- TCP --
>                 source port = 0xaaf7    dest port = 0x1bdsyn
What is this?->->->->->->->->->->->->->->->->->->->->-^^^^^^^^
Did the line breaks get messed up? If so, we might have a "syn" here. Do you
still get these packets?
Well, I guess I just don't know how to read PIX logs. Sorry.


>                 seq = 0x6f8f7a86
>                 ack = 0x0
>                 hlen = 0xa              window = 0x16d0
>                 checksum = 0x8820       urg = 0x0
> tcp options:    0x2     0x4     0x5     0xb4
>                         0x4     0x2     0x8     0xa     0x1b    0xa7    0xc6    0x9c
>                         0x0     0x0     0x0     0x0     0x1     0x3     0x3     0x0
> --------- END OF PACKET ---------

By the way, I think samba does not know native SMB over TCP/IP - it should
not be using port 445 at all. Your samba box does not happen to be a RedHat
6.2 or RedHat 7.0? ... 

Uli Luckas
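
The TCP option bytes in the quoted dump can be decoded to check the "syn" reading without relying on the fused `0x1bdsyn` field. This is an added example, not part of the original thread; the function names are illustrative and the option bytes are copied from the dump with the mail line wraps rejoined.

```python
import re

# TCP option kinds that are only valid in SYN segments
# (MSS: RFC 9293, window scale: RFC 7323, SACK permitted: RFC 2018).
SYN_ONLY = {2: "MSS", 3: "window scale", 4: "SACK permitted"}
OTHER = {8: "timestamps"}

# Option bytes copied from the quoted dump, mail line wraps rejoined.
DUMP_OPTIONS = """
0x2 0x4 0x5 0xb4
0x4 0x2 0x8 0xa 0x1b 0xa7 0xc6 0x9c
0x0 0x0 0x0 0x0 0x1 0x3 0x3 0x0
"""

def parse_hex_bytes(text):
    return bytes(int(tok, 16) for tok in text.split())

def split_port_field(field):
    """Split a fused field such as '0x1bdsyn' into (port, trailing text).
    Unambiguous only when the trailing text does not start with a hex digit."""
    m = re.fullmatch(r"(0x[0-9a-fA-F]+)(.*)", field)
    if not m:
        raise ValueError(f"not a hex field: {field!r}")
    return int(m.group(1), 16), m.group(2)

def decode_options(raw):
    """Return [(kind, name, value_bytes)], stopping at End-of-Option-List."""
    out, i = [], 0
    while i < len(raw) and raw[i] != 0:
        kind = raw[i]
        if kind == 1:                      # NOP is a single padding byte
            out.append((1, "NOP", b""))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError(f"malformed option at offset {i}")
        length = raw[i + 1]
        name = SYN_ONLY.get(kind) or OTHER.get(kind) or f"kind {kind}"
        out.append((kind, name, raw[i + 2:i + length]))
        i += length
    return out

def syn_only_options(raw):
    return [name for kind, name, _ in decode_options(raw) if kind in SYN_ONLY]

if __name__ == "__main__":
    raw = parse_hex_bytes(DUMP_OPTIONS)
    print(split_port_field("0x1bdsyn"))    # port number and trailing text
    for kind, name, value in decode_options(raw):
        print(kind, name, value.hex())
    print("SYN-only options present:", syn_only_options(raw))
```

MSS, SACK-permitted and window-scale options are only sent on SYN segments, and the 20 option bytes match the dump's TCP `hlen = 0xa` (40 bytes). Together with `ack = 0x0`, that fits an initial SYN rather than a SYN-ACK.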


