Displaying 2 results from an estimated 2 matches for "5923ea2e".
2017 May 23
0
Windows 10 spawning thousands of child processes on Samba 4.3.11 server
...nd accessing applications
on the Samba share. Server IP is 10.10.1.6, servername "india". The share
is mounted with username "production" which is in smbpasswd:
root# pdbedit -w -L
production:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:43DEDBC664EA95353348102454C3BD:[U
]:LCT-5923EA2E:
administration:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:4FF63806DDD0952F97B03608A7FDC4:[U
]:LCT-5923EA5E:
Here is a log snippet:
[2017/05/23 10:51:59.104021, 3]
../source3/smbd/service.c:774(make_connection_snum)
win8-13 (ipv4:10.10.1.63:51224) connect to service IPC$ initially as user...
2017 May 23
2
Windows 10 spawning thousands of child processes on Samba 4.3.11 server
On Tue, 23 May 2017 08:44:42 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Did you TV/Radio broke?? ;-)
>
> This really smells like some malware/cryptoware.
> Seen this ones on a network, and that was a cypto trying to write to
> shares. And they to that really really fast.
>
> Increast the samba debug logs and track if this is