Hello Uli,
the packets are TCP. Our PIX does not give alarms about packets trying to come in,
so it looks like our machine is the culprit.
The debug of a few of these packets gives me the following output. I hope you can
extract the necessary information.
Many thanks
Andreas Moroder
PixBrixen# --------- PACKET ---------
-- IP --
eliot_gate ==> 209.67.79.132
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x3c
id = 0xbc1a flags = 0x40 frag off=0x0
ttl = 0x3f proto=0x6 chksum = 0x4f99
-- TCP --
source port = 0xaaf7 dest port = 0x1bdsyn
seq = 0x6f8f7a86
ack = 0x0
hlen = 0xa window = 0x16d0
checksum = 0x8820 urg = 0x0
tcp options: 0x2 0x4 0x5 0xb4
0x4 0x2 0x8 0xa 0x1b 0xa7 0xc6 0x9c
0x0 0x0 0x0 0x0 0x1 0x3 0x3 0x0
--------- END OF PACKET ---------
--------- PACKET ---------
-- IP --
eliot_gate ==> 209.67.79.132
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x3c
id = 0xbc1b flags = 0x40 frag off=0x0
ttl = 0x3f proto=0x6 chksum = 0x4f98
-- TCP --
source port = 0xaaf7 dest port = 0x1bdsyn
seq = 0x6f8f7a86
ack = 0x0
hlen = 0xa window = 0x16d0
checksum = 0x86f4 urg = 0x0
tcp options: 0x2 0x4 0x5 0xb4
0x4 0x2 0x8 0xa 0x1b 0xa7 0xc7 0xc8
0x0 0x0 0x0 0x0 0x1 0x3 0x3 0x0
--------- END OF PACKET ---------
--------- PACKET ---------
-- IP --
eliot_gate ==> 209.67.79.132
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x3c
id = 0xbc1c flags = 0x40 frag off=0x0
ttl = 0x3f proto=0x6 chksum = 0x4f97
-- TCP --
source port = 0xaaf7 dest port = 0x1bdsyn
seq = 0x6f8f7a86
ack = 0x0
hlen = 0xa window = 0x16d0
checksum = 0x849c urg = 0x0
tcp options: 0x2 0x4 0x5 0xb4
0x4 0x2 0x8 0xa 0x1b 0xa7 0xca 0x20
0x0 0x0 0x0 0x0 0x1 0x3 0x3 0x0
--------- END OF PACKET ---------
--------- PACKET ---------
-- IP --
eliot_gate ==> 209.67.79.132
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x3c
id = 0x52df flags = 0x40 frag off=0x0
ttl = 0x3f proto=0x6 chksum = 0xb8d4
-- TCP --
source port = 0xaaf8 dest port = 0x8bsyn
seq = 0x71839c7b
ack = 0x0
hlen = 0xa window = 0x16d0
checksum = 0x5d60 urg = 0x0
tcp options: 0x2 0x4 0x5 0xb4
0x4 0x2 0x8 0xa 0x1b 0xa7 0xce 0xa4
0x0 0x0 0x0 0x0 0x1 0x3 0x3 0x0
--------- END OF PACKET ---------
--------- PACKET ---------
-- IP --
eliot_gate ==> 209.67.79.132
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x3c
id = 0x52e0 flags = 0x40 frag off=0x0
ttl = 0x3f proto=0x6 chksum = 0xb8d3
-- TCP --
source port = 0xaaf8 dest port = 0x8bsyn
seq = 0x71839c7b
ack = 0x0
hlen = 0xa window = 0x16d0
checksum = 0x5c34 urg = 0x0
tcp options: 0x2 0x4 0x5 0xb4
0x4 0x2 0x8 0xa 0x1b 0xa7 0xcf 0xd0
0x0 0x0 0x0 0x0 0x1 0x3 0x3 0x0
--------- END OF PACKET ---------
--------- PACKET ---------
-- IP --
eliot_gate ==> 209.67.79.132
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x3c
id = 0x52e1 flags = 0x40 frag off=0x0
ttl = 0x3f proto=0x6 chksum = 0xb8d2
-- TCP --
source port = 0xaaf8 dest port = 0x8bsyn
seq = 0x71839c7b
ack = 0x0
hlen = 0xa window = 0x16d0
checksum = 0x59dc urg = 0x0
tcp options: 0x2 0x4 0x5 0xb4
0x4 0x2 0x8 0xa 0x1b 0xa7 0xd2 0x28
0x0 0x0 0x0 0x0 0x1 0x3 0x3 0x0
--------- END OF PACKET ---------
Quoting Uli Luckas <Uli.Luckas@abakusag.de>:
> Hi Andreas,
> what kind of packet is logged, TCP or UDP? Does it have the SYN bit set? If
> not, or if it is a SYN,ACK packet someone contacted your server through the
> firewall and your server tries to proceed with the handshake procedure.
>
> Uli
>
> > -----Original Message-----
> > From: Andreas Moroder [mailto:andreas.moroder@sb-brixen.it]
> > Sent: Tuesday, 6 August 2002 09:21
> > To: samba@lists.samba.org
> > Subject: [Samba] Samba tries to contact external IP ?
> >
> >
> > Hello,
> >
> > our firewall warns me that our server where samba 2.2.3 pre runs, tries at
> > random intervals to contact a machine at 209.67.79.132. Because the ports are
> > 445 and 139 I think it must be smbd or nmbd that sends these packets.
> >
> > In smb.conf I find no entry with this address.
> >
> > Can anyone explain to me why (and if) samba does this?
> >
> > Thank you very much
> >
> > Andreas Moroder
> >
> > P.S. If possible please also answer directly via e-mail
> >
> >
> >
> > --------------------------------------------------------
> > Dr. Andreas Moroder
> > Sanitätsbetrieb Brixen - Azienda Sanitaria di Bressanone
> > www.sb-brixen.it - www.as-bressanone.it
> >
> >
>
>
--------------------------------------------------------
Dr. Andreas Moroder
Sanitätsbetrieb Brixen - Azienda Sanitaria di Bressanone
www.sb-brixen.it - www.as-bressanone.it
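
Added example, not part of the original message and not code from the Samba or Cisco projects: a Python decoder for the debug output quoted above. It converts the hex ports, splits off the flag word glued to the destination port, decodes the TCP option bytes, and groups SYNs that share source port, destination port and sequence number. The function names and the embedded sample (built from values in the dump) are assumptions of this example.

```python
import re

# Constructed sample: PIX dump layout, option bytes wrapped mid-token ("0" / "x9c").
PKT = """--------- PACKET ---------
source port = {} dest port = {}syn
seq = {}
tcp options: 0x2 0x4 0x5 0xb4
0x4 0x2 0x8 0xa 0x1b 0xa7 0x{} 0
x{}
0x0 0x0 0x0 0x0 0x1 0x3 0x3 0
x0
"""
SAMPLE = (PKT.format("0xaaf7", "0x1bd", "0x6f8f7a86", "c6", "9c")
          + PKT.format("0xaaf7", "0x1bd", "0x6f8f7a86", "c7", "c8")
          + PKT.format("0xaaf8", "0x8b", "0x71839c7b", "ce", "a4"))
NAMES = {2: "mss", 3: "wscale", 4: "sack_ok", 8: "tsval"}
PORTS = re.compile(r"source port = 0x([0-9a-f]+)\s+dest port = 0x([0-9a-f]+?)"
                   r"((?:syn|ack|fin|rst|psh|urg)*)\s")  # non-"syn" names assumed

def decode_options(raw):
    """Walk TCP option bytes (kind, length, data) into a dict."""
    out, i = {}, 0
    while i < len(raw) and raw[i] != 0:          # kind 0: end of option list
        if raw[i] == 1:                          # kind 1: NOP, one byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            return {**out, "malformed": True}    # bad length: stop, never loop
        data = bytes(raw[i + 2:i + raw[i + 1]])  # timestamps: TSval, then TSecr
        out[NAMES.get(raw[i], f"kind{raw[i]}")] = (
            int.from_bytes(data[:4], "big") if data else True)
        i += raw[i + 1]
    return out

def parse(text):
    """Yield (sport, dport, flags, seq, options) for each packet block."""
    for block in text.split("--------- PACKET ---------")[1:]:
        sp, dp, flags = PORTS.search(block).groups()
        seq = re.search(r"seq = 0x([0-9a-f]+)", block)[1]
        raw = re.findall(r"0\s*x([0-9a-f]+)", block.split("tcp options:")[1])
        yield (int(sp, 16), int(dp, 16), flags, int(seq, 16),
               decode_options([int(h, 16) for h in raw]))

def syn_attempts(text):
    """Map (sport, dport, seq) -> TSval ticks since the first copy of that SYN."""
    flows = {}
    for sport, dport, _, seq, opts in parse(text):
        flows.setdefault((sport, dport, seq), []).append(opts.get("tsval", 0))
    return {k: [t - v[0] for t in v] for k, v in flows.items()}
```

On the sample, 0x1bd and 0x8b decode to ports 445 and 139, and the two packets with the same sequence number differ only in the timestamp value (300 ticks apart), which is what a repeated, unanswered SYN looks like.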