[Samba] suspicious activity
payal-samba at staticky.com
Wed Aug 6 06:26:46 GMT 2003
While using samba as PDC and file sharing this for just 1 machine, 1
found out that it was giving me this in log,
[2003/08/06 11:37:42, 2] smbd/reply.c:reply_sesssetup_and_X(985)
Defaulting to Lanman password for shanky123
[2003/08/06 11:37:44, 1] smbd/service.c:make_connection(636)
default (192.168.0.2) connect to service shanky123 as user shanky123 (uid=501, gid=501) (pid 1699)
[2003/08/06 11:37:45, 2] smbd/open.c:open_file(245)
SHANKY123 opened file comvir.exe read=Yes write=No (numopen=1)
[2003/08/06 11:38:21, 2] smbd/close.c:close_normal_file(213)
shanky123 closed file comvir.exe (numopen=0)
I was testing it myself so I am sure that I hadn't opened the file comvir.exe
on /home/shanky123 cos' it is a known virus.
Nobody uses/test this setup other than me. What is wrong in the logs above
and why? Do the above logs look ok?
Waiting eagerly for any response.
With warm regards,
"Visit GNU/Linux Success Stories"
Guest-Book Section Updated.
More information about the samba