Re: strang log

From: Chris Weber [Security MVP] (chris_at_dev.nul)
Date: 06/21/05

  • Next message: Peter Rus: "Is local system account member of local Administrators group?"
    Date: Mon, 20 Jun 2005 22:05:42 -0700

    Can you run a sniffer? Do you see TCP like acks going back and forth? If
    the address is spoofed, like you said, your server would not be able to talk
    back to this smbdy.

    "Simo Sentissi" <> wrote in message
    > hello there
    > I have a strange occurence of smbdy trying to login as local admin on a
    > server box, since it locks out and back after 30 mins the same thing
    > repeats again.
    > I looked at the details and I noticed that the origination address is a
    > 192.168 addr wich do not belong to our network? I am kind of puzzeled !
    > how can the tcp/ip transaction finish if address is spoofed or it that
    > data from some netbios header ?

  • Next message: Peter Rus: "Is local system account member of local Administrators group?"

    Relevant Pages

    • Re: Log Out Issues
      ... Any reason you are not using TCP instead of UDP? ... > so that messages are resent until ACKS are received in reliable cases. ... > Lets say the client sends a log out request to the server reliably. ...
    • Re: Re[5]: Assymetric NIC performance problem
      ... I've got a FreeBSD file server running Samba, file upload speeds are okay, ... Client connecting to, TCP port 5001 ... Sorry, I didn't know that UDP bandwidth must be specified manually, ...
    • Re: Internal TCP/IP send buffer?
      ... and that has to be decided at your proxy server. ... UDP or a separate TCP connection to the target and periodically ... connections) constitutes a completely different source of latency. ...
    • Re: Netzwerkproblem GBit -> 100MBit
      ... GBit-Kette - flow control zwingend notwendig sei. ... zwischen Client und Server. ... Das kann TCP an der Stelle nicht mehr leisten. ...
    • Re: [opensuse] Need help with NFS
      ... each with both a server and a client. ... there is an error message: "Unable to mount the NFS entries ... 100000 4 tcp 111 portmapper ... 100000 4 udp 111 portmapper ...