c00l.wave Apprentice
Joined: 24 Aug 2003 Posts: 268
Posted: Thu Oct 14, 2004 10:18 pm Post subject: lots of denied SMB-connections from the Internet
I was just wondering why I get flooded with lots of SMB-connection requests - is there a new worm or maybe just an old one trying to spread this way? I get about 2 connections per minute, leaving a "[smbd] Denied connection from (xxx.xxx.xxx.xxx)_" in my log files. If I resolve all IPs to hostnames I can see that most of them are from other users of my ISP (Germany, 1&1), but there are also many many connections from Russia, Poland, USA, Mexico, Brazil, Argentina, even South Africa. I don't believe these are script-kiddies hanging around with the 1337est portscanner they could find in a 2 minute-search on Google; it just happens too frequently.
steveb Advocate
Joined: 18 Sep 2002 Posts: 4564
Posted: Thu Oct 14, 2004 11:07 pm Post subject:
I would not care about that kind of stuff. But I would care about the open port you have on your server. Why the hell do you not close the access to smbd on the internet interface with a firewall? Leaving smbd running on the internet interface is probably not the best thing you could do.
cheers
SteveB
c00l.wave Apprentice
Joined: 24 Aug 2003 Posts: 268
Posted: Thu Oct 14, 2004 11:26 pm Post subject:
You're right, I will close it using iptables. I was just curious about the huge amount of log files (>50MB) produced by samba since I turned my box into a router 2 weeks ago (maybe that's why I didn't close it earlier).
Edit: Okay, seems like I just missed to set my interface in smb.conf - but I would still be interested in the source of these connection attempts.
Edit 2: Grrrr, looks like I would have to read something about smb.conf tomorrow - I thought I configured it to listen only on interface eth0 but it's still getting outside connections.
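On the smb.conf problem in the second edit above: `interfaces` on its own does not restrict which addresses smbd listens on. The fragment below is an added example, not part of the original thread or the poster's file; `eth0` as the LAN interface comes from the post, and the `192.168.0.` prefix is an assumed LAN range.

```ini
# --- Before: the setup the post describes (reconstructed, not the poster's file) ---
# [global]
#    interfaces = eth0
# "interfaces" alone only selects the interfaces Samba uses for browsing and
# name registration; smbd still accepts connections on every local address.

# --- After ---
[global]
   # LAN interface (eth0, as in the post) plus loopback, which smbpasswd
   # needs to reach the local smbd when changing passwords
   interfaces = lo eth0

   # Bind smbd and nmbd only to the interfaces listed above
   bind interfaces only = yes

   # Second layer: accept only loopback and the LAN prefix.
   # 192.168.0. is a constructed value; replace it with the real LAN range.
   # With only "hosts allow" set, all other hosts are denied.
   hosts allow = 127. 192.168.0.
```

After restarting Samba, `testparm` checks the file for syntax errors and `netstat -ltnp` shows which addresses smbd is actually bound to.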
steveb Advocate
Joined: 18 Sep 2002 Posts: 4564
Posted: Thu Oct 14, 2004 11:34 pm Post subject:
Phuu.... why is that info so important to you?
You could maybe log the data sent to your system and then look at what kind of stuff gets transferred. Maybe you would then know what it is. But to be honest: don't bother with it.
It would take you so much time and would probably not be of any help for you.
cheers
SteveB