|
Author: Isaac
Date: 15-01-03 20:43
I was checking up on my box today from work and noticed somthing that I didn't understand. I rand the command "netstat -al" and saw the following line:
tcp4 0 0 209-6-23-76.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.netbios-ssn ppp-62-10-69-78.dialup.tiscali.it.2887 ESTABLISHED
What does this mean? Has somone actually connected to my box without permission? I ran the "who" command and didn't see anyone logged in other than my self. A few mins later running "netstat -al" no longer returned this line. If anyone could explane or point me tward a source to read up on this that would be great.
Thanks,
Isaac
|
|
Reply To This Message
|
|
Author: .daniel.schrock
Date: 16-01-03 01:55
netbios-ssn is used by samba. you should not allow samba to listen on a public address and should always require login...
you may have guest access enabled which allowed the user in.
here is what my testing revealed:
19:53:59:d_jab@aluminum (/dev/ttyp2): 1 ~
>> smbclient \\\\209.6.23.76\\
added interface ip=192.168.23.200 bcast=192.168.23.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Password:
Anonymous login successful
Domain=[HOME] OS=[Unix] Server=[Samba 2.2.6]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
no password given, just pressed enter.
|
|
Reply To This Message
|
|
Author: Isaac
Date: 16-01-03 02:03
The strange thing is in my smb.conf file I have the "interfaces" line set to fpx0 which is my internal card. I've disabled sambe untill I get my hands on a book. Thanks though Daniel.
Isaac
|
|
Reply To This Message
|
|
Author: .daniel.schrock
Date: 16-01-03 03:02
the interfaces directive should contain the subnet the interface is on, not the card itself.
the hosts allow directive can further refine this definition.
<b>
interfaces = 192.168.0.0/255.255.255.0 127.0.0.1
</b>
|
|
Reply To This Message
|
|
Author: Isaac
Date: 17-01-03 15:04
Daniel, can you tell me what you did to perform that test so I can check to see if I've still left things open?
Thanks,
Isaac
|
|
Reply To This Message
|
|
Author: .daniel.schrock
Date: 18-01-03 02:25
19:53:59:d_jab@aluminum (/dev/ttyp2): 1 ~
>> smbclient \\\\209.6.23.76\\
added interface ip=192.168.23.200 bcast=192.168.23.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Password:
Anonymous login successful
Domain=[HOME] OS=[Unix] Server=[Samba 2.2.6]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
no password given, just pressed enter.
smbclient comes with samba and this test will work from your local system.
you want samba listening on the private interface so smbclient \\\\privateipaddr\\ should allow you to login
smbclient \\\\publicipaddress\\ should not allow you to login.
|
|
Reply To This Message
|
|
Author: .daniel.schrock
Date: 20-01-03 21:46
nope!
15:14:56:d_jab@aluminum (/dev/ttyp0): 2 ~
>> smbclient \\\\209.6.23.76\\
added interface ip=192.168.23.200 bcast=192.168.23.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
session request to 209.6.23.76 failed (Not listening for calling name)
session request to 209 failed (Not listening for calling name)
session request to *SMBSERVER failed (Not listening for calling name)
|
|
Reply To This Message
|
|