[Samba] when nmb is on some web-sites are redirected to malicious pages

Gruz arygroup at gmail.com
Wed Jun 27 01:37:01 MDT 2012


I use OpenSuse 12.1 and I have written to OpenSuse security maillist but 
noone can help me.

Here is an OpenSuse forum topic where have describe the problem in details:

Here is a Ukrainian key media recourse http://www.pravda.com.ua/

This is how it has to look:

Here is what I see in any browser:

And there is also a popup window.

When I turn nmb daemon off, I see the proper page.

If using TOR or OperaTurbo I always see the proper page. So I'm 
redirected only when using my normal browser and nmb on.

I did many tests and tries and provided tons of my configuration info at 
the opensuse security maillist, but with not result. The only result was 
that I ran tcpdump and the problem gone! And never came back. Is if it 
was a virus and saw it was monitored and stopped itself.

But I reinstalled opensuse from scratch, started samba server and got 
the problem again.

I don't know what to think. This may be a virus or a government  block 
of the web-site in some whay... I don't know if it's my computer problem 
or a DNS traffic replace or anything else. I need some specialist help. 
This may be a security issue.

Please check the forum link I provided above not to suggest things that 
have been suggested and tester before.


More information about the samba mailing list