
[suse-security] strange packets



Hi,

    I have a Samba file server on my network, which is connected directly to the internet.
    I use a SuSEfirewall2 firewall. My local network is 192.168.10.0/24.
    A couple of days ago, immediately after I restarted the Samba service, I noticed 2 strange
    attempted connections in the SYN_RECV state from the IPs 192.168.198.1 and 192.168.248.1.
    I ran a tcpdump on the interface, and these are the results that I receive every time I try to access a local workstation from another workstation in the workgroup:

        
samba: # tcpdump -v host 192.168.198.1
tcpdump: listening on eth0
15:54:35.216239 192.168.198.1.deskshare > samba.local.netbios-ssn: S [tcp sum ok] 747291326:747291326(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 14273, len 48)
15:54:38.127516 192.168.198.1.deskshare > samba.local.netbios-ssn: S [tcp sum ok] 747291326:747291326(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 14284, len 48)
15:54:44.143570 192.168.198.1.deskshare > samba.local.netbios-ssn: S [tcp sum ok] 747291326:747291326(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 14335, len 48)
15:55:31.380908 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: S [tcp sum ok] 257313301:257313301(0) ack 760741268 win 8760 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 32304, len 48)
15:55:34.241142 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: . [tcp sum ok] ack 1 win 8760 (DF) (ttl 128, id 43568, len 40)
15:55:34.355161 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: S [tcp sum ok] 257313301:257313301(0) ack 760741268 win 8760 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 44080, len 48)
15:55:40.257204 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: . [tcp sum ok] ack 1 win 8760 (DF) (ttl 128, id 44336, len 40)
15:55:40.354232 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: S [tcp sum ok] 257313301:257313301(0) ack 760741268 win 8760 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 45104, len 48)
15:55:52.352331 192.168.10.7.netbios-ssn > 192.168.198.1.h323hostcall: S [tcp sum ok] 257313301:257313301(0) ack 760741268 win 8760 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 46128, len 48)

What is going on?

            Thank you


