Displaying 1 result from an estimated 1 matches for "canix".
2012 Jul 16
2
Suspicious activity on domain
...f the names in the trace from tcpdump, I can
reconstitute names of files on the server. Unless I'm mistaken this type
of information shouldn't be circulating on port 139?
Here is the version of Samba:
Samba version 3.4.9
Here is a sample of the trace from tcpdump:
17:46:35.838212 IP pdc-canix.xyzcivitas.com.netbios-ssn >
GBY-PC-125.xyzcivitas.com.1026: Flags [P.], ack 123157, win 65535,
length 1239 NBT Session Packet: Unknown packet type 0x38Data: (41 bytes)
[000] D5 F1 4E 73 4E 02 00 00 FB 04 00 00 2E 00 00 00
\0xd5\0xf1NsN\0x02\0x00\0x00 \0xfb\0x04\0x00\0x00.\0x00\0x00\0x00
[0...