LinuxQuestions.org
07-20-2006, 10:16 AM   #1
phonecian
Member
 
Registered: Jul 2003
Location: Au
Distribution: SLES8, centOS 3.5 & 4 servers, xandros desktops
Posts: 95

Rep: Reputation: 15
I'm surprised by this, should I worry?


Despite having limited experience I look after a small business network. We use an IPCop firewall and on our internal network we have a Centos3 Fileserver and half a dozen linux desktops connected by nfs and a printer running IPP on port 631.

A short while ago, after the office was emptied and only the file server was running, I noticed a lot of activity on the firewall. Running ethereal on the file server gave me a stream of reports like the following. On our network 192.168.20.20 is the file server and 192.168.20.10 is the firewall's internal interface.
No. Time Source Destination Protocol Info
1934 306.961029 192.168.20.20 192.168.20.10 TCP 60214 > microsoft-ds [ACK] Seq=761 Ack=7736 Win=20440 Len=0

Frame 1934 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jul 20, 2006 23:33:13.806652000
Time delta from previous packet: 221.129479000 seconds
Time since reference or first frame: 306.961029000 seconds
Frame Number: 1934
Packet Length: 54 bytes
Capture Length: 54 bytes
Protocols in frame: eth:ip:tcp
Coloring Rule Name: TCP
Coloring Rule String: tcp

Why would a linux file server be sending TCP smb packets to the firewall?

Could someone enlighten me?
Thanks indeed
 
07-20-2006, 05:30 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
Probably because you are running Samba on the Linux server. Samba is designed to allow one to do smb shares with MS-Windoze so you can mount Windows exports to Linux and vice versa. It certainly does smb traffic.
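
An added example, not part of either post: a small Python parser for ethereal summary lines like the one quoted in the question, which reports which host is on the client side and which on the server side of each SMB conversation. It assumes the usual heuristic that the side using the microsoft-ds (445) or netbios-ssn (139) port is the listener; apart from the first sample line, which is the frame from the post, the sample lines and the host 192.168.20.31 are constructed.

```python
import re
from collections import Counter

# Names (or numbers) ethereal prints for the SMB / NetBIOS session ports.
SMB_PORTS = {"microsoft-ds": 445, "netbios-ssn": 139, "445": 445, "139": 139}

# Summary line layout: No. Time Source Destination Protocol Info
LINE = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<time>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+"
    r"(?P<sport>\S+)\s+>\s+(?P<dport>\S+)\s+\[(?P<flags>[^\]]+)\]"
)

def smb_role(line):
    """Return (client_ip, server_ip, port) for an SMB TCP summary line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    sport, dport = m["sport"], m["dport"]
    # Heuristic: the end using the well-known SMB port is the listening side.
    if dport in SMB_PORTS and sport not in SMB_PORTS:
        return (m["src"], m["dst"], SMB_PORTS[dport])
    if sport in SMB_PORTS and dport not in SMB_PORTS:
        return (m["dst"], m["src"], SMB_PORTS[sport])
    return None

def summarize(lines):
    """Count packets per (client, server, port) SMB conversation."""
    counts = Counter()
    for line in lines:
        role = smb_role(line)
        if role:
            counts[role] += 1
    return counts

# First line is the frame from the post; the others are constructed samples.
SAMPLE = [
    "1934 306.961029 192.168.20.20 192.168.20.10 TCP 60214 > microsoft-ds [ACK] Seq=761 Ack=7736 Win=20440 Len=0",
    "1935 306.961500 192.168.20.10 192.168.20.20 TCP microsoft-ds > 60214 [PSH, ACK] Seq=7736 Ack=761 Win=5840 Len=120",
    "1936 307.100000 192.168.20.31 192.168.20.20 TCP 33012 > netbios-ssn [SYN] Seq=0 Win=5840 Len=0",
    "1937 307.200000 192.168.20.20 192.168.20.10 TCP 40112 > ssh [ACK] Seq=1 Ack=1 Win=5840 Len=0",
]

if __name__ == "__main__":
    for (client, server, port), n in summarize(SAMPLE).items():
        print(f"{client} -> {server}:{port}  {n} packet(s)")
```

For the quoted frame this reports 192.168.20.20 (the file server) as the client side talking to port 445 on 192.168.20.10 (the firewall's internal interface).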
 
  

