[Samba] Bad SMB2 (sign_algo_id=1) signature for message?
Michael Tokarev
mjt at tls.msk.ru
Tue Feb 7 22:54:20 UTC 2023
Another message appeared in the log after 4.13=>4.17 upgrade:
[2023/02/07 23:21:58.677059, 0] ../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
Bad SMB2 (sign_algo_id=1) signature for message
[2023/02/07 23:21:58.677184, 0] ../../lib/util/util.c:571(dump_data)
[0000] B9 83 A8 8D A6 D4 8D A3 6A 8E 51 28 C0 91 20 9D ........ j.Q(.. .
[2023/02/07 23:21:58.677264, 0] ../../lib/util/util.c:571(dump_data)
[0000] 4E DF F2 77 95 E4 BE B8 59 AB 44 91 A4 82 0B 2B N..w.... Y.D....+
[2023/02/07 23:31:59.041881, 0] ../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
Bad SMB2 (sign_algo_id=1) signature for message
[2023/02/07 23:31:59.041997, 0] ../../lib/util/util.c:571(dump_data)
[0000] 58 52 74 5E 39 F3 1B 44 75 5C F3 9B 92 66 50 CC XRt^9..D u\...fP.
[2023/02/07 23:31:59.042053, 0] ../../lib/util/util.c:571(dump_data)
[0000] F5 4D E3 46 E2 EB 3B 99 B0 5D 74 FC 9F 5B FF C7 .M.F..;. .]t..[..
[2023/02/07 23:41:59.419190, 0] ../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
Bad SMB2 (sign_algo_id=1) signature for message
[2023/02/07 23:41:59.419300, 0] ../../lib/util/util.c:571(dump_data)
[0000] C4 CF B7 2E AD E3 45 3C 97 EA A6 AC DD 0F 3A C2 ......E< ......:.
[2023/02/07 23:41:59.419356, 0] ../../lib/util/util.c:571(dump_data)
[0000] 46 6F 0B 9B 69 70 0E 05 FD 02 4F 74 F3 45 65 25 Fo..ip.. ..Ot.Ee%
[2023/02/07 23:51:44.186860, 0] ../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
Bad SMB2 (sign_algo_id=1) signature for message
[2023/02/07 23:51:44.187006, 0] ../../lib/util/util.c:571(dump_data)
[0000] D1 EF 35 D9 99 9C 4F F7 C0 3C 85 EA 32 4A 0C EF ..5...O. .<..2J..
[2023/02/07 23:51:44.187066, 0] ../../lib/util/util.c:571(dump_data)
[0000] 0E 53 97 61 B7 E3 BB BE 0A 94 71 9B 0F AD 13 2A .S.a.... ..q....*
[2023/02/07 23:51:59.778881, 0] ../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
Bad SMB2 (sign_algo_id=1) signature for message
[2023/02/07 23:51:59.778990, 0] ../../lib/util/util.c:571(dump_data)
[0000] 2F 9B 8C 2F 96 EE 62 03 1F 6D 26 28 CA D2 7E EF /../..b. .m&(..~.
[2023/02/07 23:51:59.779047, 0] ../../lib/util/util.c:571(dump_data)
[0000] 00 F3 93 F8 14 50 3D 68 97 CE 7D 2B 14 03 47 50 .....P=h ..}+..GP
This one does not occur as frequently as the access denied one, and I had no time
to analyze where these are coming from, yet. Seems to be happening every 10 minutes.
Should I be concerned about these messages?
Thanks,
/mjt
More information about the samba
mailing list