Re: inetd Messages

Doug Ledford (dledford@dialnet.net)
Wed, 20 Mar 1996 23:28:39 -0600 (CST)


On Wed, 20 Mar 1996, Doug Ledford wrote:

> On Wed, 20 Mar 1996, David Lynes wrote:
>
> >
> > Could someone please tell me what the following message in the syslog
> > file means?
> >
> > inetd[44]: /usr/sbin/nmbd: exit status 0x1
> > [last message repeated 26 times.]
>
> Anybody finding these messages in their syslog, or the nmbd program in
> their /etc/inetd.conf file should IMMEDIATELY shut down inetd, remove the
> line concerning nmbd, and check their nmbd file size. I'm not sure if
> there is a legitimate program out there named nmbd, but that is one of
> the back doors that was installed in my system a few weeks ago. It
> allowed anyone telnetting to port 41 the ability to reboot or shutdown my
> machine! The file size on my machine was approximately 4K (I'm not sure
> since I removed it from the hard drive completely, would have to pull it
> off of tape). If no one knows of a real use for this program, or a real
> program under this name, then it may very well mean that your machine's
> security HAS been compromised!

OK, so there is a real use for this program, part of the Samba suite,
which I didn't ask to be installed but it was anyway. This explains why
I wasn't familiar with it. However, do check the file size to make sure
your copy of nmbd hasn't been tampered with. On my system, I guess they
overwrote my nmbd with their own. When I noticed the security hole
however, I was getting similar error messages in my syslog files. If the
real Samba client will do what this one was doing, that would be very
bad! You can test yours out by telnetting to the port nmbd is on. On my
system you would get no prompt, but you also would have a live
connection. Typing shutdown at this live connection would do just that,
shut the system down. Sorry if my previous post caused any undue concern :(

*****************************************************************************
* Doug Ledford * Unix, Novell, Dos, Windows 3.x, *
* dledford@dialnet.net 873-DIAL * WfW, Windows 95 & NT Technician *
* PPP access $14.95/month *****************************************
* Springfield, MO and surrounding * Usenet news, e-mail and shell account.*
* communities. Sign-up online at * Web page creation and hosting, other *
* 873-9000 V.34 * services available, call for info. *
*****************************************************************************
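
Added example, not part of the original post: one way to carry out the check described above across every program inetd launches, comparing SHA-256 digests instead of file size, since a replaced binary can have the same size as the original. The function names, the constructed inetd.conf line and the baseline dictionary (digests assumed to have been recorded from a trusted copy such as a backup or the distribution media) are assumptions of this sketch.

```python
import hashlib
import os
import tempfile

def parse_inetd_conf(text):
    """Return (service, user, program) for each active inetd.conf line."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split()
        # service socket proto wait user program [args]; skip comments/short lines
        if len(fields) >= 6 and not fields[0].startswith("#"):
            entries.append((fields[0], fields[4], fields[5]))
    return entries

def fingerprint(path):
    """Return (size in bytes, SHA-256 hex digest) of the file at path."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()

def audit(conf_text, baseline):
    """Check inetd-launched binaries against baseline {path: sha256}."""
    findings = []
    for service, user, program in parse_inetd_conf(conf_text):
        if program == "internal":  # served by inetd itself, no binary
            continue
        if not os.path.isfile(program):
            findings.append((service, program, "missing"))
        elif program not in baseline:
            findings.append((service, program, "no-baseline"))
        elif fingerprint(program)[1] != baseline[program]:
            findings.append((service, program, "modified"))
    return findings

if __name__ == "__main__":
    # Constructed demo: a stand-in "nmbd" is baselined, then overwritten.
    with tempfile.TemporaryDirectory() as tmp:
        nmbd = os.path.join(tmp, "nmbd")
        with open(nmbd, "wb") as fh:
            fh.write(b"original daemon")
        baseline = {nmbd: fingerprint(nmbd)[1]}
        conf = f"netbios-ns dgram udp wait root {nmbd} nmbd\n"
        print(audit(conf, baseline))           # clean copy: no findings
        with open(nmbd, "wb") as fh:
            fh.write(b"replaced daemon")       # same size, new content
        print(audit(conf, baseline))           # reports "modified"
```

On a real host, pass the contents of /etc/inetd.conf as `conf_text`; entries that run through a wrapper program are reported under the wrapper's path, so the wrapped daemon needs its own baseline check.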