staph
Microbial member
 
Join Date: May 2004
2004-06-29, 22:10

Quote:
Originally Posted by ThunderPoit
ok, so i was messing around w/ some konfab. widgets, and i found this one that shows who is logged into your system, and any other network connections you've made. i was a little startled to see an ip that was not on my home network logged in via samba. the ip addy is 67.142.27.66.
i went and checked the samba log and found over 6000 failed login attempts. does anyone know, aside from digging through logs, how to see someone attempting or succeeding to log into your machine?
You can check active SMB connections with the smbstatus utility. Just open up a terminal, and type smbstatus.

You probably want an intrusion detection program like Snort, which can, amongst other things, detect attempts to break in through SMB. There's a gui-fied version called HenWen which is free for personal, non-profit or educational use.

You might want to fiddle with your firewall to disallow smb connections from outside your local network. Brickhouse apparently still works as a configuration utility for OS X's firewall, and I stumbled over Sunshield this morning, which might also be useful. Little Snitch, properly configured, is a very easy way to stop unauthorised network connections as well.

Last edited by staph : 2004-06-29 at 22:21.
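For the failed login attempts mentioned in the quoted question, here is an added example (not part of the original post) that tallies failed SMB authentications per remote address. The line layout is an assumption modelled on Samba's authentication audit entries, and the sample lines, addresses and the `failed_logins` helper are constructed for illustration.

```python
import re
from collections import Counter

# Assumed line shape (modelled on Samba auth audit entries); adjust the
# pattern to match what your own Samba log actually contains.
AUTH_RE = re.compile(
    r"user \[(?P<domain>[^\]]*)\]\\\[(?P<user>[^\]]*)\].*?"
    r"status \[(?P<status>NT_STATUS_\w+)\].*?"
    r"remote host \[ipv[46]:(?P<addr>[^\]]+):\d+\]"
)

def failed_logins(lines, threshold=3):
    """Map each remote address with >= threshold failures to
    (failure_count, sorted usernames that were tried)."""
    counts, users = Counter(), {}
    for line in lines:
        m = AUTH_RE.search(line)
        if not m or m["status"] == "NT_STATUS_OK":
            continue  # unrelated line or successful login
        counts[m["addr"]] += 1
        users.setdefault(m["addr"], set()).add(m["user"])
    return {a: (n, sorted(users[a])) for a, n in counts.items() if n >= threshold}

def _line(user, status, addr):
    # Builds one constructed sample entry in the assumed layout.
    return (rf"Auth: [SMB2,(null)] user [WORKGROUP]\[{user}] at [t] with [NTLMv2] "
            rf"status [{status}] workstation [WS] remote host [ipv4:{addr}:49152]")

# Constructed sample data: one outside address guessing accounts,
# one local user who mistypes a password once and then logs in.
SAMPLE = [
    _line("admin", "NT_STATUS_WRONG_PASSWORD", "203.0.113.7"),
    _line("root", "NT_STATUS_NO_SUCH_USER", "203.0.113.7"),
    _line("guest", "NT_STATUS_WRONG_PASSWORD", "203.0.113.7"),
    _line("alice", "NT_STATUS_WRONG_PASSWORD", "192.168.1.20"),
    _line("alice", "NT_STATUS_OK", "192.168.1.20"),
    "smbd started.",
]

if __name__ == "__main__":
    for addr, (n, tried) in failed_logins(SAMPLE).items():
        print(f"{addr}: {n} failed logins, users tried: {', '.join(tried)}")
```

Addresses reported here are candidates for the firewall rule suggested above that limits SMB to the local network.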