fagostini Posted March 24, 2021 (edited)

Hello, I have been noticing some weird things in my syslog recently and I am worried I might have been hacked.

Mar 22 05:24:16 Gargantua smbd[78925]: [2021/03/22 05:24:16.388691, 0] ../../source3/smbd/ipc.c:843(reply_trans)
Mar 22 05:24:16 Gargantua smbd[78925]: reply_trans: invalid trans parameters
Mar 22 06:12:01 Gargantua smbd[94749]: [2021/03/22 06:12:01.206465, 0] ../../source3/smbd/ipc.c:843(reply_trans)
Mar 22 06:12:01 Gargantua smbd[94749]: reply_trans: invalid trans parameters
Mar 22 07:57:02 Gargantua smbd[130452]: [2021/03/22 07:57:02.480366, 0] ../../source3/smbd/ipc.c:843(reply_trans)
Mar 22 07:57:02 Gargantua smbd[130452]: reply_trans: invalid trans parameters
Mar 22 08:00:37 Gargantua smbd[862]: [2021/03/22 08:00:37.197682, 0] ../../source3/smbd/ipc.c:843(reply_trans)
Mar 22 08:00:37 Gargantua smbd[862]: reply_trans: invalid trans parameters
Mar 22 09:55:46 Gargantua vsftpd[39340]: connect from 192.241.229.40 (192.241.229.40)
Mar 22 10:47:08 Gargantua rpcbind[56376]: connect from 147.203.255.20 to dump()
Mar 22 11:39:25 Gargantua vsftpd[73482]: connect from 104.206.128.14 (104.206.128.14)
Mar 22 11:45:55 Gargantua vsftpd[75646]: connect from 104.206.128.34 (104.206.128.34)
Mar 22 12:24:44 Gargantua rpcbind[88532]: connect from 178.79.177.180 to dump()
Mar 22 12:40:33 Gargantua smbd[93735]: [2021/03/22 12:40:33.433770, 0] ../../source3/smbd/ipc.c:843(reply_trans)
Mar 22 12:40:33 Gargantua smbd[93735]: reply_trans: invalid trans parameters
Mar 22 13:44:59 Gargantua rpcbind[115137]: connect from 192.241.222.139 to dump()
Mar 22 14:06:32 Gargantua smbd[122228]: [2021/03/22 14:06:32.453344, 0] ../../source3/smbd/ipc.c:843(reply_trans)
Mar 22 14:06:32 Gargantua smbd[122228]: reply_trans: invalid trans parameters
Mar 22 16:24:30 Gargantua smbd[37268]: [2021/03/22 16:24:30.999049, 0] ../../source3/smbd/ipc.c:843(reply_trans)
Mar 22 16:24:30 Gargantua smbd[37268]: reply_trans: invalid trans parameters
Mar 22 16:26:16 Gargantua smbd[37856]: [2021/03/22 16:26:16.483063, 0] ../../source3/smbd/ipc.c:843(reply_trans)
Mar 22 16:26:16 Gargantua smbd[37856]: reply_trans: invalid trans parameters
Mar 22 19:21:44 Gargantua smbd[96285]: [2021/03/22 19:21:44.027448, 0] ../../source3/smbd/ipc.c:843(reply_trans)
Mar 22 19:21:44 Gargantua smbd[96285]: reply_trans: invalid trans parameters
Mar 22 19:34:58 Gargantua smbd[100588]: [2021/03/22 19:34:58.929134, 0] ../../source3/smbd/ipc.c:843(reply_trans)
Mar 22 19:34:58 Gargantua smbd[100588]: reply_trans: invalid trans parameters
Mar 22 19:50:20 Gargantua smbd[105914]: [2021/03/22 19:50:20.334158, 0] ../../source3/smbd/process.c:341(read_packet_remainder)
Mar 22 19:50:20 Gargantua smbd[105914]: read_fd_with_timeout failed for client 23.90.145.51 read error = NT_STATUS_END_OF_FILE.
Mar 22 20:07:32 Gargantua kernel: svc: svc_tcp_read_marker nfsd RPC fragment too large: 1195725856
Mar 22 21:38:25 Gargantua smbd[11326]: [2021/03/22 21:38:25.309615, 0] ../../source3/smbd/ipc.c:843(reply_trans)
Mar 22 21:38:25 Gargantua smbd[11326]: reply_trans: invalid trans parameters

Edit: I have changed the root password in the web UI.

Edited March 24, 2021 by fagostini

Squid Posted March 24, 2021

Is your server in the router's DMZ? What ports have you forwarded to the server?

fagostini (Author) Posted March 24, 2021 (edited)

I forwarded 443 to a docker that is on br0, not bridged.

Edit: I did forward port 1194 for OpenVPN to the IP of the server for docker.

Edited March 24, 2021 by fagostini
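
Added example, not part of any post in this thread: a short Python script that supports the exposure question above by pulling remote addresses out of syslog lines in the format shown in the first post and listing, per daemon, the peers that are globally routable. The sample lines are copied from that excerpt; the function name `public_peers` and the two regular expressions are this example's own and assume only the `connect from` and `for client` message shapes seen there.

```python
import ipaddress
import re
from collections import defaultdict

# Sample lines copied from the syslog excerpt in the first post.
SAMPLE = """\
Mar 22 09:55:46 Gargantua vsftpd[39340]: connect from 192.241.229.40 (192.241.229.40)
Mar 22 10:47:08 Gargantua rpcbind[56376]: connect from 147.203.255.20 to dump()
Mar 22 11:39:25 Gargantua vsftpd[73482]: connect from 104.206.128.14 (104.206.128.14)
Mar 22 12:24:44 Gargantua rpcbind[88532]: connect from 178.79.177.180 to dump()
Mar 22 19:50:20 Gargantua smbd[105914]: read_fd_with_timeout failed for client 23.90.145.51 read error = NT_STATUS_END_OF_FILE.
Mar 22 21:38:25 Gargantua smbd[11326]: reply_trans: invalid trans parameters
"""

# "<month> <day> <time> <host> <daemon>[<pid>]: <message>"
LINE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+(?P<daemon>[\w.-]+)\[\d+\]:\s+(?P<msg>.*)$"
)
# Remote address after "connect from" (vsftpd, rpcbind) or "for client" (smbd).
PEER = re.compile(r"(?:connect from|for client)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})")


def public_peers(text):
    """Return {daemon: sorted globally routable peer addresses} for the log text."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # kernel lines and anything without daemon[pid]
        p = PEER.search(m.group("msg"))
        if not p:
            continue  # message carries no peer address
        try:
            addr = ipaddress.ip_address(p.group("ip"))
        except ValueError:
            continue  # digits that are not a valid IPv4 address
        if addr.is_global:  # drops RFC 1918, loopback, link-local ranges
            seen[m.group("daemon")].add(str(addr))
    return {daemon: sorted(ips) for daemon, ips in seen.items()}


if __name__ == "__main__":
    for daemon, ips in public_peers(SAMPLE).items():
        print(f"{daemon}: connections from public addresses: {', '.join(ips)}")
```

Any daemon that appears in the result has logged a connection from outside the LAN, which is what the DMZ and port-forwarding question is trying to establish.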