[Samba] external pings across NAT (compromised?)
christopher at ideadesigners.com
Thu Aug 21 08:17:21 GMT 2003
I am far from being network savvy. Despite this I have installed samba
2.2.7a (mandrake 9.1) and the company has been using it as PDC for a
win2k network for the last 4 months. The same machine is also running
named, cvs, mysql, apache (money's tight :)). We are located in serviced
offices and are networked across a vlan. The entire network is
'protected' by a NAT firewall to the Internet owned by the ISP. *some*
of our internal machines are running personal firewalls.

To the point - recently one of the machines running a personal firewall
has been alerting because of low volume pings from external ip
addresses. These addresses have all been, to date, within this range
213.x.x.x. The machine (win2k) is generally pinged by a different IP
within that range every five minutes or so - after which the fw bans it.

I have run virus scanners on all company machines with nothing showing
up. I have also installed ethereal and tried to watch the network
packets after the ISP said that the only way an external address could
resolve to our natted internal ones was if the internal one were
contacting them first.

Ethereal does not show the local machine sending out an icmp request
first. Instead it shows that external address pings the local machine
and all currently used internal addresses + some internal addresses that
are no longer used but which may still be defined on the named server.
However - the only outgoing packets to the culprit ip addresses are the
occasional reply to icmp requests from one or two un-personal-firewalled

Does anyone have any thoughts on what could be happening?

http://www.ideadesigners.com [iseries & web technologies]
mailto: christopher at ideadesigners.com
mobile: +44 7966 003860
Office: +44 1494 731814 ext. 832
Direct: +44 1494 731832
YIM = Josephc_98
MSN = christopher at ideadesigners.com
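The check described in the post, written out as an added example (not part of the original message): it tests the ISP's statement that an external address can only reach a NATed host the host contacted first, and flags sources that ping many internal addresses. The internal range, the addresses and the packet records are constructed; in practice they would come from a capture exported from the sniffer.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.168.0.0/24")  # assumed internal range (constructed)

# Constructed records: (seconds, source, destination, ICMP type or None if not ICMP).
# ICMP type 8 = echo request, 0 = echo reply.
PACKETS = [
    (0,  "192.168.0.10", "203.0.113.5",  None),  # internal host initiates contact
    (30, "203.0.113.5",  "192.168.0.10", 8),     # ping after prior contact
    (60, "198.51.100.7", "192.168.0.10", 8),     # no prior contact
    (61, "198.51.100.7", "192.168.0.11", 8),
    (62, "198.51.100.7", "192.168.0.99", 8),     # address no longer in use
    (63, "192.168.0.11", "198.51.100.7", 0),     # reply from an unfirewalled host
]

def is_internal(addr):
    return ip_address(addr) in INTERNAL

def classify_pings(packets, sweep_threshold=3):
    """Return {external_ip: {"solicited": bool, "targets": [...], "sweep": bool}}."""
    contacted = set()            # (internal, external) pairs where the inside spoke first
    targets = defaultdict(set)   # external source -> internal addresses it pinged
    report = {}
    for _, src, dst, icmp_type in sorted(packets, key=lambda p: p[0]):
        if is_internal(src) and not is_internal(dst):
            # An echo reply answers a ping; it is not contact initiated from inside.
            if icmp_type != 0:
                contacted.add((src, dst))
        elif not is_internal(src) and is_internal(dst) and icmp_type == 8:
            entry = report.setdefault(src, {"solicited": True})
            if (dst, src) not in contacted:
                entry["solicited"] = False   # at least one ping had no prior contact
            targets[src].add(dst)
    for ext, entry in report.items():
        entry["targets"] = sorted(targets[ext], key=ip_address)
        entry["sweep"] = len(targets[ext]) >= sweep_threshold
    return report

if __name__ == "__main__":
    for ext, info in classify_pings(PACKETS).items():
        print(ext, info)
```

A source reported with `solicited` false and `sweep` true matches what the post describes: echo requests arriving at many internal addresses, including unused ones, with no earlier outbound traffic to that source.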