[Samba] suspicious activity
Payal Rathod
payal-samba at staticky.com
Wed Aug 6 06:26:46 GMT 2003
Hi,
While using samba as PDC and file sharing for just 1 machine, I
found out that it was giving me this in the log,
[2003/08/06 11:37:42, 2] smbd/reply.c:reply_sesssetup_and_X(985)
Defaulting to Lanman password for shanky123
[2003/08/06 11:37:44, 1] smbd/service.c:make_connection(636)
default (192.168.0.2) connect to service shanky123 as user shanky123 (uid=501, gid=501) (pid 1699)
[2003/08/06 11:37:45, 2] smbd/open.c:open_file(245)
SHANKY123 opened file comvir.exe read=Yes write=No (numopen=1)
[2003/08/06 11:38:21, 2] smbd/close.c:close_normal_file(213)
shanky123 closed file comvir.exe (numopen=0)
I was testing it myself so I am sure that I hadn't opened the file comvir.exe
on /home/shanky123 cos' it is a known virus.
Nobody uses/tests this setup other than me. What is wrong in the logs above
and why? Do the above logs look ok?
Waiting eagerly for any response.
With warm regards,
-Payal
--
"Visit GNU/Linux Success Stories"
http://payal.staticky.com
Guest-Book Section Updated.
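
One way to triage a log excerpt like the one in the post above, as an added example that is not part of the original message: the Python below pairs each smbd header line with its message line and reports, per opened file, the connecting address, the access mode and how long the file was held open. It assumes the two-line entry layout shown in the post and links connect and open lines by user name, since the open/close lines shown carry no session identifier; the function names are hypothetical.

```python
import re
from datetime import datetime

# Log excerpt copied from the post above: a header line, then its message line.
SAMPLE_LOG = """\
[2003/08/06 11:37:42, 2] smbd/reply.c:reply_sesssetup_and_X(985)
Defaulting to Lanman password for shanky123
[2003/08/06 11:37:44, 1] smbd/service.c:make_connection(636)
default (192.168.0.2) connect to service shanky123 as user shanky123 (uid=501, gid=501) (pid 1699)
[2003/08/06 11:37:45, 2] smbd/open.c:open_file(245)
SHANKY123 opened file comvir.exe read=Yes write=No (numopen=1)
[2003/08/06 11:38:21, 2] smbd/close.c:close_normal_file(213)
shanky123 closed file comvir.exe (numopen=0)
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), \d+\] \S+:\w+\(\d+\)$")
CONNECT = re.compile(r"^\S+ \(([\d.]+)\) connect to service \S+ as user (\S+) ")
OPENED = re.compile(r"^(\S+) opened file (.+) read=(Yes|No) write=(Yes|No) ")
CLOSED = re.compile(r"^(\S+) closed file (.+) \(numopen=\d+\)$")

def parse_events(text):
    """Pair each header line with the message line that follows it."""
    events, stamp = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := HEADER.match(line):
            stamp = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        elif stamp and line:
            events.append((stamp, line))
            stamp = None
    return events

def file_access_report(text):
    """Per opened file: user, client address, mode, seconds open (None if no close logged).
    Assumption: user names compare case-insensitively (SHANKY123 vs shanky123)."""
    clients, pending, report = {}, {}, []
    for ts, msg in parse_events(text):
        if m := CONNECT.match(msg):
            clients[m.group(2).lower()] = m.group(1)
        elif m := OPENED.match(msg):
            user, name = m.group(1).lower(), m.group(2)
            row = {"user": user, "file": name, "client": clients.get(user, "unknown"), "opened": ts,
                   "read": m.group(3) == "Yes", "write": m.group(4) == "Yes", "seconds_open": None}
            pending[(user, name)] = row
            report.append(row)
        elif m := CLOSED.match(msg):
            row = pending.pop((m.group(1).lower(), m.group(2)), None)
            if row:
                row["seconds_open"] = int((ts - row["opened"]).total_seconds())
    return report
```

Calling `file_access_report(SAMPLE_LOG)` returns one row per opened file, which makes it easy to see which address the connection that opened a given file came from.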