[Samba] when nmb is on some web-sites are redirected to malicious pages
arygroup at gmail.com
Wed Jun 27 01:37:01 MDT 2012
I use OpenSuse 12.1 and I have written to OpenSuse security maillist but
noone can help me.
Here is an OpenSuse forum topic where have describe the problem in details:
Here is a Ukrainian key media recourse http://www.pravda.com.ua/
This is how it has to look:
Here is what I see in any browser:
And there is also a popup window.
When I turn nmb daemon off, I see the proper page.
If using TOR or OperaTurbo I always see the proper page. So I'm
redirected only when using my normal browser and nmb on.
I did many tests and tries and provided tons of my configuration info at
the opensuse security maillist, but with not result. The only result was
that I ran tcpdump and the problem gone! And never came back. Is if it
was a virus and saw it was monitored and stopped itself.
But I reinstalled opensuse from scratch, started samba server and got
the problem again.
I don't know what to think. This may be a virus or a government block
of the web-site in some whay... I don't know if it's my computer problem
or a DNS traffic replace or anything else. I need some specialist help.
This may be a security issue.
Please check the forum link I provided above not to suggest things that
have been suggested and tester before.
More information about the samba