
Author Topic: Strange logs showing in /var/log/samba  (Read 4097 times)

Ping (Jr. Member, Posts: 99)
« on: July 07, 2009, 08:45:23 AM »
I took a quick look at the logs in /var/log/samba and noticed I had loads from machines I don't recognise, e.g.:

/var/log/samba/log.porky
/var/log/samba/log.66.118.164.220
/var/log/samba/log.190.57.98.155
/var/log/samba/log.201.252.6.155
/var/log/samba/log.f__nyig__bor-pc
/var/log/samba/log.80.98.12.98
/var/log/samba/log.41.243.31.202
/var/log/samba/log.newton___
/var/log/samba/log.0.0.0.0
/var/log/samba/log.jcthc
/var/log/samba/log.
/var/log/samba/log.91.115.221.119
/var/log/samba/log.newtonto_
/var/log/samba/log.lqpxf2isqgev1bgk
...

My /etc/samba/smb.conf has the line "logfile = /var/log/samba/log.%m"
and I only have three machines on my network (hostnames):

netbook
asrock
box

I'm concerned that I've had a break-in/been cracked.
Looking at some of the logs there are lots of things like:

Quote
getpeername failed. Error was Transport endpoint is not connected
  read_socket_with_timeout: client 0.0.0.0 read error = Connection reset by peer.

Quote
[2009/06/29 11:11:49,  1] smbd/service.c:make_connection(1284)
  make_connection: refusing to connect with no session setup

The server sits behind my firewall/gateway and the only port open is 80 (I run my busybox httpd on the same machine as samba).

Am I the victim of a botnet?
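
An added example, not part of the original post: a short Python triage of the log.%m file names, separating the three hosts named in the post from unknown machine names and from non-private addresses. The host set comes from the post; the smbd/nmbd daemon log names, the .old rotation suffix and the internal sample entries are assumptions.

```python
import ipaddress
import os

KNOWN_HOSTS = {"netbook", "asrock", "box"}   # the three hosts named in the post
DAEMON_LOGS = {"smbd", "nmbd"}               # assumption: Samba's own daemon logs


def classify(filename):
    """Return (client, category) for a log.%m file name, or None if it is not one."""
    if not filename.startswith("log."):
        return None
    client = filename[len("log."):]
    if client.endswith(".old"):              # assumption: rotated copy of the same log
        client = client[:-len(".old")]
    if client == "":
        return client, "empty-name"
    if client in DAEMON_LOGS:
        return client, "daemon"
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        # Not an address: a machine name supplied by the client.
        known = client.lower() in KNOWN_HOSTS
        return client, "known-host" if known else "unknown-name"
    if addr.is_unspecified:                  # 0.0.0.0, as in the quoted getpeername error
        return client, "unspecified-address"
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return client, "internal-address"
    return client, "external-address"


def triage(filenames):
    """Group client names by category."""
    report = {}
    for name in filenames:
        result = classify(name)
        if result:
            report.setdefault(result[1], set()).add(result[0])
    return {cat: sorted(clients) for cat, clients in report.items()}


if __name__ == "__main__":
    # Constructed sample: names from the post plus two made-up internal entries.
    sample = ["log.porky", "log.66.118.164.220", "log.0.0.0.0", "log.",
              "log.f__nyig__bor-pc", "log.netbook.old", "log.192.168.1.10"]
    log_dir = "/var/log/samba"
    names = os.listdir(log_dir) if os.path.isdir(log_dir) else sample
    for category, clients in triage(names).items():
        print(f"{category}: {', '.join(clients) or '(empty)'}")
```

Entries in the external-address bucket are the ones to compare against the gateway's forwarding rules, since they indicate smbd logged a connection under a non-private address.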