samba - Feb 2023 - Bad SMB2 (sign_algo_id=1) signature for message?

Another message appeared in the log after 4.13=>4.17 upgrade:

[2023/02/07 23:21:58.677059,  0]
../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
   Bad SMB2 (sign_algo_id=1) signature for message
[2023/02/07 23:21:58.677184,  0] ../../lib/util/util.c:571(dump_data)
   [0000] B9 83 A8 8D A6 D4 8D A3   6A 8E 51 28 C0 91 20 9D   ........ j.Q(.. .
[2023/02/07 23:21:58.677264,  0] ../../lib/util/util.c:571(dump_data)
   [0000] 4E DF F2 77 95 E4 BE B8   59 AB 44 91 A4 82 0B 2B   N..w.... Y.D....+
[2023/02/07 23:31:59.041881,  0]
../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
   Bad SMB2 (sign_algo_id=1) signature for message
[2023/02/07 23:31:59.041997,  0] ../../lib/util/util.c:571(dump_data)
   [0000] 58 52 74 5E 39 F3 1B 44   75 5C F3 9B 92 66 50 CC   XRt^9..D u\...fP.
[2023/02/07 23:31:59.042053,  0] ../../lib/util/util.c:571(dump_data)
   [0000] F5 4D E3 46 E2 EB 3B 99   B0 5D 74 FC 9F 5B FF C7   .M.F..;. .]t..[..
[2023/02/07 23:41:59.419190,  0]
../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
   Bad SMB2 (sign_algo_id=1) signature for message
[2023/02/07 23:41:59.419300,  0] ../../lib/util/util.c:571(dump_data)
   [0000] C4 CF B7 2E AD E3 45 3C   97 EA A6 AC DD 0F 3A C2   ......E<
......:.
[2023/02/07 23:41:59.419356,  0] ../../lib/util/util.c:571(dump_data)
   [0000] 46 6F 0B 9B 69 70 0E 05   FD 02 4F 74 F3 45 65 25   Fo..ip.. ..Ot.Ee%
[2023/02/07 23:51:44.186860,  0]
../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
   Bad SMB2 (sign_algo_id=1) signature for message
[2023/02/07 23:51:44.187006,  0] ../../lib/util/util.c:571(dump_data)
   [0000] D1 EF 35 D9 99 9C 4F F7   C0 3C 85 EA 32 4A 0C EF   ..5...O.
.<..2J..
[2023/02/07 23:51:44.187066,  0] ../../lib/util/util.c:571(dump_data)
   [0000] 0E 53 97 61 B7 E3 BB BE   0A 94 71 9B 0F AD 13 2A   .S.a.... ..q....*
[2023/02/07 23:51:59.778881,  0]
../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
   Bad SMB2 (sign_algo_id=1) signature for message
[2023/02/07 23:51:59.778990,  0] ../../lib/util/util.c:571(dump_data)
   [0000] 2F 9B 8C 2F 96 EE 62 03   1F 6D 26 28 CA D2 7E EF   /../..b.
.m&(..~.
[2023/02/07 23:51:59.779047,  0] ../../lib/util/util.c:571(dump_data)
   [0000] 00 F3 93 F8 14 50 3D 68   97 CE 7D 2B 14 03 47 50   .....P=h ..}+..GP

This one does not occur as frequently as the access denied one, and I had no
time
to analyze where these are coming from, yet. Seems to be happening every 10
minutes.

Should I be concerned about these messages?

Thanks,

/mjt

On Wed, Feb 08, 2023 at 01:54:20AM +0300, Michael Tokarev via samba
wrote:
>Another message appeared in the log after 4.13=>4.17 upgrade:
>
>[2023/02/07 23:21:58.677059,  0]
../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
>  Bad SMB2 (sign_algo_id=1) signature for message
>[2023/02/07 23:21:58.677184,  0] ../../lib/util/util.c:571(dump_data)
>  [0000] B9 83 A8 8D A6 D4 8D A3   6A 8E 51 28 C0 91 20 9D   ........ j.Q(..
.
>[2023/02/07 23:21:58.677264,  0] ../../lib/util/util.c:571(dump_data)
>  [0000] 4E DF F2 77 95 E4 BE B8   59 AB 44 91 A4 82 0B 2B   N..w....
Y.D....+
>[2023/02/07 23:31:59.041881,  0]
../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
>  Bad SMB2 (sign_algo_id=1) signature for message
>[2023/02/07 23:31:59.041997,  0] ../../lib/util/util.c:571(dump_data)
>  [0000] 58 52 74 5E 39 F3 1B 44   75 5C F3 9B 92 66 50 CC   XRt^9..D
u\...fP.
>[2023/02/07 23:31:59.042053,  0] ../../lib/util/util.c:571(dump_data)
>  [0000] F5 4D E3 46 E2 EB 3B 99   B0 5D 74 FC 9F 5B FF C7   .M.F..;.
.]t..[..
>[2023/02/07 23:41:59.419190,  0]
../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
>  Bad SMB2 (sign_algo_id=1) signature for message
>[2023/02/07 23:41:59.419300,  0] ../../lib/util/util.c:571(dump_data)
>  [0000] C4 CF B7 2E AD E3 45 3C   97 EA A6 AC DD 0F 3A C2   ......E<
......:.
>[2023/02/07 23:41:59.419356,  0] ../../lib/util/util.c:571(dump_data)
>  [0000] 46 6F 0B 9B 69 70 0E 05   FD 02 4F 74 F3 45 65 25   Fo..ip..
..Ot.Ee%
>[2023/02/07 23:51:44.186860,  0]
../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
>  Bad SMB2 (sign_algo_id=1) signature for message
>[2023/02/07 23:51:44.187006,  0] ../../lib/util/util.c:571(dump_data)
>  [0000] D1 EF 35 D9 99 9C 4F F7   C0 3C 85 EA 32 4A 0C EF   ..5...O.
.<..2J..
>[2023/02/07 23:51:44.187066,  0] ../../lib/util/util.c:571(dump_data)
>  [0000] 0E 53 97 61 B7 E3 BB BE   0A 94 71 9B 0F AD 13 2A   .S.a....
..q....*
>[2023/02/07 23:51:59.778881,  0]
../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
>  Bad SMB2 (sign_algo_id=1) signature for message
>[2023/02/07 23:51:59.778990,  0] ../../lib/util/util.c:571(dump_data)
>  [0000] 2F 9B 8C 2F 96 EE 62 03   1F 6D 26 28 CA D2 7E EF   /../..b.
.m&(..~.
>[2023/02/07 23:51:59.779047,  0] ../../lib/util/util.c:571(dump_data)
>  [0000] 00 F3 93 F8 14 50 3D 68   97 CE 7D 2B 14 03 47 50   .....P=h
..}+..GP
>
>This one does not occur as frequently as the access denied one, and I had no
time
>to analyze where these are coming from, yet. Seems to be happening every 10
minutes.
>
>Should I be concerned about these messages?
Which client are they coming from ?