Hi,
I have a Samba file server on my network , which is connected directly to the internet.
I use a SuSEfirewall2 firewall. My local network is 192.168.10.0/24
A couple a days ago, immediaty after I restarted the Samba service I've noticed 2 strange
attempted connections in the SYS_RECV state from the ip's 192.168.198.1 and 192.168.248.1
I runed a tcpdump on the interface and this are the results that I receive every time when I try to acces a local workstation from another workstation in the workgroup:
samba: # tcpdump -v host 192.168.198.1
tcpdump: listening on eth0
15:54:35.216239 192.168.198.1.deskshare > samba.local.netbios-ssn: S [tcp sum ok] 747291326:747291326(0) win 64240 (DF) (ttl 128, id 14273, len 48)
15:54:38.127516 192.168.198.1.deskshare > samba.local.netbios-ssn: S [tcp sum ok] 747291326:747291326(0) win 64240 (DF) (ttl 128, id 14284, len 48)
15:54:44.143570 192.168.198.1.deskshare > samba.local.netbios-ssn: S [tcp sum ok] 747291326:747291326(0) win 64240 (DF) (ttl 128, id 14335, len 48)
15:55:31.380908 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: S [tcp sum ok] 257313301:257313301(0) ack 760741268 win 8760 (DF) (ttl 128, id 32304, len 48)
15:55:34.241142 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: . [tcp sum ok] ack 1 win 8760 (DF) (ttl 128, id 43568, len 40)
15:55:34.355161 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: S [tcp sum ok] 257313301:257313301(0) ack 760741268 win 8760 (DF) (ttl 128, id 44080, len 48)
15:55:40.257204 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: . [tcp sum ok] ack 1 win 8760 (DF) (ttl 128, id 44336, len 40)
15:55:40.354232 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: S [tcp sum ok] 257313301:257313301(0) ack 760741268 win 8760 (DF) (ttl 128, id 45104, len 48)
15:54:35.216239 192.168.198.1.deskshare > samba.local.netbios-ssn: S [tcp sum ok] 747291326:747291326(0) win 64240 (DF) (ttl 128, id 14273, len 48)
15:54:38.127516 192.168.198.1.deskshare > samba.local.netbios-ssn: S [tcp sum ok] 747291326:747291326(0) win 64240 (DF) (ttl 128, id 14284, len 48)
15:54:44.143570 192.168.198.1.deskshare > samba.local.netbios-ssn: S [tcp sum ok] 747291326:747291326(0) win 64240 (DF) (ttl 128, id 14335, len 48)
15:55:31.380908 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: S [tcp sum ok] 257313301:257313301(0) ack 760741268 win 8760 (DF) (ttl 128, id 32304, len 48)
15:55:34.241142 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: . [tcp sum ok] ack 1 win 8760 (DF) (ttl 128, id 43568, len 40)
15:55:34.355161 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: S [tcp sum ok] 257313301:257313301(0) ack 760741268 win 8760 (DF) (ttl 128, id 44080, len 48)
15:55:40.257204 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: . [tcp sum ok] ack 1 win 8760 (DF) (ttl 128, id 44336, len 40)
15:55:40.354232 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: S [tcp sum ok] 257313301:257313301(0) ack 760741268 win 8760 (DF) (ttl 128, id 45104, len 48)
15:55:52.352331 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: S [tcp sum ok] 257313301:257313301(0) ack 760741268 win 8760 (DF) (ttl 128, id 46128, len 48)
What is going on?
Thank you
----
Home, no matter how far...
http://www.home.ro