[lug] Getting hacked through Samba?

Chip Atkinson chip at pupman.com
Thu Dec 30 09:18:54 MST 1999


I was going through /var/log and noticed an interesting file.  It was
samba-log.ralph and samba-log.starwolf.  The thing is that there are no
machines with the names ralph or starwolf on my network.  The date of the
ralph file is yesterday at 6:06 am, at which time I can assure you
legitimate no sysadmin stuff was going on. 

The contents of the ralph file is one line saying 
Closing connections
The starwolf file is 8 lines of the same.

Any ideas or suggestions?

Thanks in advance.

 Chip Atkinson 
 --- If I can't fix it, I can fix it so it can't be fixed --

More information about the LUG mailing list