messages

somnath123s Mon, 11 Apr 2005 05:00:36 -0700

hey!! what you said it might the case but even if i keep my "sshd" on, same thing happening means as if group of hosts are trying connect with random username/password and most of them are from china/korea eg. bora.net etc. i 'll send a snippet of my log files later, for better interprtation... ?? rgds somu

GOSSAMER PENGUIN writes:

Soumyadip, My idea is that this is not a planned "attack" as such . since you are using a shared network (dhcp-ed ) BSNL is making all its customer a node in it's internal ( not visible on the internet ) 61.*.*.* network which gets NAT'ed at the end to connect to the internet through a gateway server . I have observed that if SAMBA is running and so configured then all the machines on the same subnet ( ie other DIAS users ) running WinXP are able to see your samba drive(folder) as a network drive or folder from "network neighbourhood etc" . I am on descon/reach2net and able to see my neibours "shared" drives and/or folders sometimes ??!!@@## from winXP . This makes someone curious / dumb enough to click on this icon in windows -- then windows tries to connect to this "network resource" but is obviously denied permission . Samba by default logs all such failed "read" attempts . This probably what is happeniiing here - but no one can be 100% sure . Do configure your samba server properly and do use an old redundant PC with something like "coyote linux floppy firewall" for foolproof security. This shall properly seperate your internal network form the outside world while retaining internet connection for all your internal machines simultaneously. What do all you guys think ?

From: Soumyadip Modak <[EMAIL PROTECTED]> Reply-To: [email protected] To: [email protected] Subject: Re: [ilug-cal] /var/log/messages Date: Sun, 10 Apr 2005 08:42:21 +0530

On Sat, 2005-04-09 at 06:47 -0600, [EMAIL PROTECTED] wrote: > i am having a linux box configured with (dhcp-ed)DIAS, and > squid,sendmail,samba etc,etc. and as usual get an ip in 61.3.118.0 subnet | > network -------- >
_________________________________________________________________ Print your digital images. http://www.kodakexpress.co.in?soe=4956 Only on Kodak Paper.
--
To unsubscribe, send mail to [EMAIL PROTECTED] with the body
"unsubscribe ilug-cal" and an empty subject line.
FAQ: http://www.ilug-cal.org/node.php?id=3

--
To unsubscribe, send mail to [EMAIL PROTECTED] with the body
"unsubscribe ilug-cal" and an empty subject line.
FAQ: http://www.ilug-cal.org/node.php?id=3

[ilug-cal] Re: /var/log/messages

Reply via email to