Hi Andreas,
I have problems interpreting the PIX output.
> -----Original Message-----
> From: Andreas Moroder [mailto:andreas.moroder@sb-brixen.it]
> Sent: Thursday, 8 August 2002 07:56
> To: Uli Luckas
> Cc: samba@lists.samba.org
> Subject: Re: AW: [Samba] Samba tries to contact external IP ?
>
>
> Hello Uli,
>
> the packets are TCP. Our PIX does not give alarms about packets
> trying to come in,
> so it looks like our machine is the culprit.
Well, if the packet slipped through some configuration error or Cisco bug it
would most likely not be logged either ;-) Maybe someone inside your
firewall thinks it's funny to contact your samba server with an external IP?
Of course the return packets would be routed to the firewall.
Anyway, all just guessing. If only I knew whether the packets in your log
are SYN packets...
> The debug of a few of these packets gives me the following
> output. I hope you can
> extract the necessary information.
>
> Many thanks
> Andreas Moroder
>
> PixBrixen# --------- PACKET ---------
>
> -- IP --
> eliot_gate ==> 209.67.79.132
>
> ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x3c
> id = 0xbc1a flags = 0x40 frag off=0x0
> ttl = 0x3f proto=0x6 chksum = 0x4f99
>
> -- TCP --
> source port = 0xaaf7 dest port = 0x1bdsyn
What is this?->->->->->->->->->->->->->->->->->->->->-^^^^^^^^
Did the line breaks get messed up? If so we might have a "syn" here. Do you
still get these packets?
Well I guess I just don't know how to read PIX logs. Sorry.
> seq = 0x6f8f7a86
> ack = 0x0
> hlen = 0xa window = 0x16d0
> checksum = 0x8820 urg = 0x0
> tcp options: 0x2 0x4 0x5 0xb4
> 0x4 0x2 0x8 0xa 0x1b
> 0xa7 0xc6 0
> x9c
> 0x0 0x0 0x0 0x0 0x1
> 0x3 0x3 0
> x0
> --------- END OF PACKET ---------
By the way, I think samba does not know native SMB over TCP/IP - it should
not be using port 445 at all. Your samba box does not happen to be a RedHat
6.2 or RedHat 7.0? ...
Uli Luckas
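
An added example, not part of the original message: decoding the TCP fields from the PIX debug output quoted above. The function names are hypothetical, and the option bytes assume that the wrapped "0" / "x9c" and "0" / "x0" fragments in the dump are 0x9c and 0x0 split by mail line wrapping.

```python
# Added example: decode the TCP fields from the PIX packet debug quoted above.
# Option bytes are copied from the dump; the wrapped "0"/"x9c" and "0"/"x0"
# fragments are assumed to be 0x9c and 0x0 split by mail line wrapping.
OPTION_BYTES = bytes([
    0x02, 0x04, 0x05, 0xb4,
    0x04, 0x02, 0x08, 0x0a, 0x1b,
    0xa7, 0xc6, 0x9c,
    0x00, 0x00, 0x00, 0x00, 0x01,
    0x03, 0x03, 0x00,
])

# Options that RFC 793 / 1323 / 2018 allow only on segments with SYN set.
SYN_ONLY = {2: "MSS", 3: "window scale", 4: "SACK permitted"}


def parse_tcp_options(raw):
    """Return a list of (kind, value_bytes) for a TCP options field."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # End of option list
            break
        if kind == 1:            # NOP: single byte, no length field
            opts.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option at offset %d" % i)
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length at offset %d" % i)
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts


def summarize(dest_port, ack, tcp_hlen_words, raw_opts):
    """Summarize the dump; 'looks_like_syn' is an inference, not a flag read."""
    opts = parse_tcp_options(raw_opts)
    syn_only = sorted(SYN_ONLY[k] for k, _ in opts if k in SYN_ONLY)
    return {
        "dest_port": dest_port,
        "header_len_ok": tcp_hlen_words * 4 == 20 + len(raw_opts),
        "mss": next((int.from_bytes(v, "big") for k, v in opts if k == 2), None),
        "syn_only_options": syn_only,
        "looks_like_syn": ack == 0 and bool(syn_only),
    }
```

Calling `summarize(0x1bd, 0x0, 0xa, OPTION_BYTES)` uses the dest port, ack and hlen values exactly as they appear in the dump.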