[Samba] Did I get hacked?? strange log info...

Jesse Vaughan jrv116 at hotmail.com
Fri Nov 15 05:29:17 GMT 2002


I noticed I got a strange connection from what seems to be a user in 
Italy?!?  and he connected to my SMB client maybe??

I'm assuming the errors in his logfile ( 
http://68.48.247.187/log.gustavo.txt )  not finding the service.c file are 
because he is being denied access.. but how is he connecting in the first 
place.. And why isn't he being refused by my server's hosts.deny file...?

I have about 6 of these rogue logs with different connect names being used.. 
  what can I do to clear this up??

Also on a side note, any of you know what the deal is with the martian 
messages my kernel is getting??

or how to stop them?? They appeared right after a connection attempt by 
Gustavo.. I've attached a sample.. there are about 200-500 of them ::

Nov 14 04:40:00 server CROND[20451]: (root) CMD (   /usr/share/msec/promisc_check.sh)
Nov 14 04:40:14 server smbd[20459]: [2002/11/14 04:40:14, 0] smbd/service.c:make_connection(248)
Nov 14 04:40:14 server smbd[20459]:   gustavo (195.250.245.176) couldn't find service c
Nov 14 04:40:28 server kernel: martian source 169.254.191.7 from 169.254.191.7, on dev eth1
Nov 14 04:40:28 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:06
Nov 14 04:40:28 server kernel: martian source 169.254.191.7 from 169.254.191.7, on dev eth1
Nov 14 04:40:28 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:06
Nov 14 04:40:29 server kernel: martian source 169.254.191.7 from 169.254.191.7, on dev eth1
Nov 14 04:40:29 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:06
Nov 14 04:40:30 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:30 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:30 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:30 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:31 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:31 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:31 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:31 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:31 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:31 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:31 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:31 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:32 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:32 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:33 server kernel: NET: 1 messages suppressed.
Nov 14 04:40:33 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:33 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:38 server kernel: NET: 13 messages suppressed.
Nov 14 04:40:38 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:38 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:43 server kernel: NET: 4 messages suppressed.
Nov 14 04:40:43 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:43 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:48 server kernel: NET: 3 messages suppressed.
Nov 14 04:40:48 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:48 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:53 server kernel: NET: 6 messages suppressed.
Nov 14 04:40:53 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:53 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:40:58 server kernel: NET: 9 messages suppressed.
Nov 14 04:40:58 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:58 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:41:00 server CROND[20461]: (root) CMD (   /usr/share/msec/promisc_check.sh)
Nov 14 04:41:55 server kernel: NET: 1 messages suppressed.
Nov 14 04:41:55 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:41:55 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
Nov 14 04:42:00 server CROND[20470]: (root) CMD (   /usr/share/msec/promisc_check.sh)



Any help would be appreciated.. just email me please.. jrv116 at hotmail.com
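
Added example (not part of the original post): a small Python triage of syslog lines like those quoted above. It pairs each kernel "martian source" entry with the "ll header" line that follows it, decodes the 14-byte Ethernet header, and lists failed smbd service requests separately. The sample input is constructed from the post's lines with the mail wrapping undone; the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample, modelled on the syslog lines in the post (unwrapped).
SAMPLE = """\
Nov 14 04:40:14 server smbd[20459]:   gustavo (195.250.245.176) couldn't find service c
Nov 14 04:40:28 server kernel: martian source 169.254.191.7 from 169.254.191.7, on dev eth1
Nov 14 04:40:28 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:06
Nov 14 04:40:30 server kernel: martian source 169.254.255.255 from 169.254.191.7, on dev eth1
Nov 14 04:40:30 server kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:da:1e:ba:32:08:00
"""

MARTIAN = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
LL_HDR = re.compile(r"ll header: ((?:[0-9a-f]{2}:){13}[0-9a-f]{2})")
SMB_FAIL = re.compile(r"smbd\[\d+\]:\s+(\S+) \((\S+)\) couldn't find service (\S+)")
ETHERTYPES = {"0806": "ARP", "0800": "IPv4"}


def triage(text):
    """Return (martian events, failed SMB service requests) found in syslog text."""
    martians, smb, pending = [], [], None
    for line in text.splitlines():
        if m := MARTIAN.search(line):
            dst, src, dev = m.groups()  # the kernel prints destination first, then source
            pending = {"src": src, "dst": dst, "dev": dev,
                       "link_local": ipaddress.ip_address(src).is_link_local}
            martians.append(pending)
        elif (m := LL_HDR.search(line)) and pending is not None:
            b = m.group(1).split(":")  # Ethernet header: dst MAC, src MAC, EtherType
            pending.update(dst_mac=":".join(b[:6]), src_mac=":".join(b[6:12]),
                           proto=ETHERTYPES.get("".join(b[12:]), "other"))
            pending = None
        elif m := SMB_FAIL.search(line):
            smb.append(dict(zip(("user", "ip", "service"), m.groups())))
    return martians, smb


def summary(martians):
    """Count martian frames per (source IP, source MAC, protocol)."""
    return Counter((e["src"], e.get("src_mac"), e.get("proto")) for e in martians)


if __name__ == "__main__":
    martians, smb = triage(SAMPLE)
    for key, count in summary(martians).items():
        print(count, key)
    for request in smb:
        print(request)
```

Grouping by source MAC and interface shows which device on the local segment is emitting the link-local (169.254.0.0/16) frames, independently of the remote address in the smbd entry.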
