[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: suspicious smbd connections

On Tue, Dec 23, 2003 at 07:01:01PM +0100, outsider wrote:
> Last time I frequently get messages like
> "smbd[949]: refused connect from " in my /var/log/syslog. Every time 
> with new IP-address. What are these connections? Is somebody trying to 
> scan me or what is the reason for these messages?

You are being scanned.  Get used to it.  You're not specifically being
targetted, but rather your IP address was randomly generated by some
worm on some Windows box and a connection attempt was made.  If you're
feeling particularly motivated, you can try to track down the owner of
the infected machine (or at least the owner of the netblock it lives on)
and inform them, but it probably won't do you much good.  I suspect that
you'll quickly find that most owners are simply not responsive.


Hello to all my friends and fans in domestic surveillance.

Attachment: pgpeAx4qubhdP.pgp
Description: PGP signature

Reply to: