[Samba] when nmb is on some web-sites are redirected to malicious pages
Gruz
arygroup at gmail.com
Wed Jun 27 01:37:01 MDT 2012
Hi!
I use OpenSuse 12.1 and I have written to OpenSuse security maillist but
noone can help me.
Here is an OpenSuse forum topic where have describe the problem in details:
http://forums.opensuse.org/english/get-technical-help-here/network-internet/476052-i-think-its-virus-while-nmbd-running-some-web-sites-redirected-broken.html
Here is a Ukrainian key media recourse http://www.pravda.com.ua/
This is how it has to look:
http://view.xscreenshot.com/e1e9e64a30772d2a183d513efd47fbd4
Here is what I see in any browser:
http://view.xscreenshot.com/4706f11e9d29a40ff1a7dd12c640e321
And there is also a popup window.
When I turn nmb daemon off, I see the proper page.
If using TOR or OperaTurbo I always see the proper page. So I'm
redirected only when using my normal browser and nmb on.
I did many tests and tries and provided tons of my configuration info at
the opensuse security maillist, but with not result. The only result was
that I ran tcpdump and the problem gone! And never came back. Is if it
was a virus and saw it was monitored and stopped itself.
But I reinstalled opensuse from scratch, started samba server and got
the problem again.
I don't know what to think. This may be a virus or a government block
of the web-site in some whay... I don't know if it's my computer problem
or a DNS traffic replace or anything else. I need some specialist help.
This may be a security issue.
Please check the forum link I provided above not to suggest things that
have been suggested and tester before.
Thanks.
More information about the samba
mailing list