On Mon, 2021-02-15 at 16:37 +0000, Rowland penny via samba
wrote:> On 15/02/2021 15:48, Francesc Guasch wrote:
>
> > On Mon, Feb 15, 2021 at 02:06:52PM +0000, Rowland penny via samba
> > wrote:
> > Hi Rowland. Thanks for anwering me.
> > > On 15/02/2021 12:39, Francesc Guasch via samba wrote:
> > > > Hi. I have a samba server that suddenly gets smbd
> > > > processes at 100% and becomes unusable.
> > > > This is samba release 2:4.9.5+dfsg-5+deb10u1
> > > > [IPC$]
> > > > path = /tmp
> > > > hosts deny = 0.0.0.0/0
> > > Why have you created a hidden share called 'IPC' ?
> > I don't know it has been here for ages.
>
>
>
>
> I would remove it, Samba creates it by default without it being in
> smb.conf.
This looks like our published mitigation for a very old Samba security
issue.
Notice how the 'hosts deny' is for every host, so this would be trying
to block off our RPC services.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions