Security Problem (?): strange logs
Hi, browsing my /var/log directory I found many files like these - (...) log.Ä__îÅÍ3 log._ç___Ä log.a0035934 log.aditi log.alevrius_ log.alevrius_.old log.amanda log.amd log.amul log.andreas log.ang_1730 log.angelas log.aps-02 log.armoire log.atpvpn log.austinserver log.b-64ku99an2lr25 log.baer1 log.banquet log.barb log.bd20g log.gigantti-o13mbj log.gustavo log.gustavo.old log.howell log.huntfin log.i3r1r7 log.ibm all in one -- Most of them are empty, some of them contain messages like this - (...) [2003/02/21 17:14:30, 0] smbd/service.c:make_connection(252) gustavo (80.100.23.30) couldn't find service c - Do I have any serious security problem, or are these some script kiddies ? Regards, Uli. +---+ |Peter Ulrich Kruppa| | - Wuppertal - | | Germany | +---+ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: *****SPAM***** Security Problem (?): strange logs
On Fri, 21 Feb 2003, P. U. Kruppa wrote: Do I have any serious security problem, or are these some script kiddies ? those are output logs from samba. people are connecting, and trying to see any of your smb shares. ---/ f. johan beisser /--+ http://caustic.org/~jan [EMAIL PROTECTED] Champagne for my real friends, real pain for my sham friends. -- Tom Waits To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Security Problem (?): strange logs
P. U. Kruppa wrote: Hi, browsing my /var/log directory I found many files like these - (...) log.?__???3 snip log.ibm all in one -- Most of them are empty, some of them contain messages like this - (...) [2003/02/21 17:14:30, 0] smbd/service.c:make_connection(252) gustavo (80.100.23.30) couldn't find service c - Do I have any serious security problem, or are these some script kiddies ? I would consider it a security problem if you don't know who those Windows machines belong to. Make sure SMB is firewalled off from the Internet, it will reduce the risk considerably. -- Bill Moran Potential Technologies http://www.potentialtech.com To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Security Problem (?): strange logs
In the last episode (Feb 21), P. U. Kruppa said: browsing my /var/log directory I found many files like these - (...) log.__3 log. log.a0035934 log.aditi log.alevrius_ log.alevrius_.old log.amanda Do I have any serious security problem, or are these some script kiddies ? You porbably have a line line this in your smb.conf: log file = /var/log/log.%m which means that anyone connecting to your machine from a Windows machine through Network Neighborhood, even just browsing (i.e. not accessing any shares), gets a logfile created with the machinename as part of the name. -- Dan Nelson [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message