plz see,
the following is a fragmented (a little long) part of "/etc/log/messages" given below.. and help me interpret....what exactly going on...since i am not an advance user in linux.
i am having a linux box configured with (dhcp-ed)DIAS, and squid,sendmail,samba etc,etc. and as usual get an ip in 61.3.118.0 subnet | network
what i interpreted is that a group of host is trying to access my samba service, where as my samba service is only catered to local network(192.168.0.0/24) so it an attack?
plz help....
contents of /var/log/messages:
============================================================
Apr 9 17:02:51 server1 smbd[6128]: [2005/04/09 17:02:51, 0] lib/access.c:check_access(328)
Apr 9 17:02:51 server1 smbd[6128]: Denied connection from (61.36.69.230)
Apr 9 17:02:52 server1 smbd[6131]: [2005/04/09 17:02:52, 0] lib/access.c:check_access(328)
Apr 9 17:02:52 server1 smbd[6131]: Denied connection from (61.36.69.230)
Apr 9 17:02:54 server1 smbd[6132]: [2005/04/09 17:02:54, 0] lib/access.c:check_access(328)
Apr 9 17:02:54 server1 smbd[6132]: Denied connection from (61.36.69.230)
Apr 9 17:05:22 server1 smbd[6138]: [2005/04/09 17:05:22, 0] lib/access.c:check_access(328)
Apr 9 17:05:22 server1 smbd[6138]: Denied connection from (61.3.111.41)
Apr 9 17:07:03 server1 smbd[6166]: [2005/04/09 17:07:03, 0] lib/access.c:check_access(328)
Apr 9 17:07:03 server1 smbd[6166]: Denied connection from (61.3.118.224)
Apr 9 17:07:51 server1 smbd[6169]: [2005/04/09 17:07:51, 0] lib/access.c:check_access(328)
Apr 9 17:07:51 server1 smbd[6169]: Denied connection from (61.3.111.41)
Apr 9 17:08:07 server1 smbd[6170]: [2005/04/09 17:08:07, 0] lib/access.c:check_access(328)
Apr 9 17:08:07 server1 smbd[6170]: Denied connection from (61.3.118.224)
Apr 9 17:08:43 server1 smbd[6173]: [2005/04/09 17:08:43, 0] lib/access.c:check_access(328)
Apr 9 17:08:43 server1 smbd[6173]: Denied connection from (61.3.137.105)
Apr 9 17:08:57 server1 smbd[6176]: [2005/04/09 17:08:57, 0] lib/access.c:check_access(328)
Apr 9 17:08:57 server1 smbd[6176]: Denied connection from (61.3.123.10)
Apr 9 17:09:31 server1 smbd[6179]: [2005/04/09 17:09:31, 0] lib/access.c:check_access(328)
Apr 9 17:09:31 server1 smbd[6179]: Denied connection from (61.3.121.146)
Apr 9 17:10:53 server1 login(pam_unix)[4855]: session opened for user root by LOGIN(uid=0) Apr 9 17:10:53 server1 -- root[4855]: ROOT LOGIN ON tty2 Apr 9 17:15:01 server1 smbd[6248]: [2005/04/09 17:15:01, 0] lib/access.c:check_access(328)
Apr 9 17:15:01 server1 smbd[6248]: Denied connection from (61.3.118.224)
Apr 9 17:16:28 server1 smb: smbd shutdown succeeded
Apr 9 17:16:28 server1 nmbd[4831]: [2005/04/09 17:16:28, 0] nmbd/nmbd.c:terminate(54)
Apr 9 17:16:28 server1 nmbd[4831]: Got SIGTERM: going down...
Apr 9 17:16:28 server1 smb: nmbd shutdown succeeded
=================================================================
rgds, somu.
-- To unsubscribe, send mail to [EMAIL PROTECTED] with the body "unsubscribe ilug-cal" and an empty subject line. FAQ: http://www.ilug-cal.org/node.php?id=3
