Nov 7, 2011 8:13 AM (in response to VincensoXFIN)
"...another company in the same building, and in same network..."
Well, there's your problem: people who don't have any business looking at your file server are, naturally, looking at it because they can see it.
Why in the world are you running a single network shared between different companies?
Nov 7, 2011 8:17 AM (in response to VincensoXFIN)
Not the answer to your question... But that log would scare me.
Not because of the NetBIOS chatter, but because your file system is apparently accessible to remote servers.
Is there a particular reason why your file system is accessible to remote systems?
Exposing your server's file system to untrusted networks is generally considered a Bad Idea, as (and ignoring this Windows NetBIOS log-file chatter) there are and will be attacks, and there have been file system vulnerabilities in the past.
A more typical installation uses a gateway-firewall box, and uses server-based or (less desirably) pass-through VPN access to connect to resources on your local network including CIFS/SMB.
Nov 7, 2011 9:43 AM (in response to MrHoffman)
OK, let's get into detail and clear up a few things. First, I am not running the whole network in this building.
My server is working in two subnets because:
172.17.6 - This is our institute's main network for all our computers; only we use this network.
172.17.144 - This is a closed network, but is shared within all companies and other institutes in this building. We use this because of the location of our management department. We cannot operate in the 172.17.6 network here, because we share a common printer & copier with another institute. We own it, but I cannot set it to the 6 network, or I would deny them from using it, and they are paying rent for it. We have about 7 computers in this network, 2 PCs and 5 Macs.
I am trying to get rid of the PCs, and we only have 3 PCs total in the institute, but we are using Windows-based payroll management programs, and can't change to Mac-based yet. Still, I wouldn't want to even use SMB, but I have to, to get the PCs access to our shared files. I have disabled all guest access.
So, any comments? How could I resolve this? I understood that the machines are trying to look into my server, but why are they even doing that? Is it automatic? I am only using SMB to share files to a few Windows clients.
I might add, the server is not accessible remotely from anywhere else than in these two networks.
Nov 7, 2011 5:44 PM (in response to VincensoXFIN)
Are those seven computers on the 172.17.144.0/24 "open" network, or on the 172.17.6.0/24 "private" network?
Is the chatter from the 172.17.6.0/24 "open" network?
Locate a server-grade firewall-router at 172.17.144.whatever (in place of your Mac), and make that the sole connection into the 172.17.6.0/24 network. Move the Mac entirely onto the 172.17.6.0/24 "private" network. (Better: work with whoever is managing the existing router that's probably between these networks.)
If your seven computers are on the 172.17.144.0/24 network, now configure those seven systems with VPN access or firewall rules, and permit access through the firewall. (Or work with whoever is managing the connection between 172.17.144.0/24 and 172.17.6.0/24.)
Nov 8, 2011 2:12 AM (in response to MrHoffman)
The seven clients are in the 172.17.144 network. The rest are in the 172.17.6 network, with the server. The chatter seems to come from both networks, some connecting to 172.17.6.90 and some to 172.17.144.160; both are my server's addresses.
I still don't understand this, because this problem has just appeared. I look through the logs on a weekly basis and the server has been running for over a year now, and this has not happened. But now, suddenly it seems like all the computers from the "company" that is managing this building/facility are bombing my server with requests to access my SMB shares. It's frustrating because I don't have management access to any routers. I can physically plug in connections and I think I know what comes and goes from/to where, but I have no authority to access them. I think I need to find someone who does.
I don't see why even Macs are bombing my SMB?
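Added example, not part of the original thread or written by any of its posters: a small triage script that groups SMB connection sources by the two subnets discussed above, so the hosts outside the institute's own clients stand out before anyone talks to the building's network manager. The log line format, the sample lines and the own-client addresses are constructed assumptions; only the two subnets and the two server addresses come from the thread.

```python
import ipaddress
import re
from collections import Counter

# Subnets named in the thread.
PRIVATE_NET = ipaddress.ip_network("172.17.6.0/24")    # institute only
SHARED_NET = ipaddress.ip_network("172.17.144.0/24")   # shared with the building

# Assumption: the institute's own clients on the shared network (constructed).
OWN_SHARED_CLIENTS = {ipaddress.ip_address("172.17.144.21"),
                      ipaddress.ip_address("172.17.144.22")}

# Constructed sample input; the real log format is not shown in the thread.
SAMPLE_LOG = """\
2011-11-07T08:01:12 src=172.17.6.14 dst=172.17.6.90 smb-connect
2011-11-07T08:01:15 src=172.17.144.21 dst=172.17.144.160 smb-connect
2011-11-07T08:02:03 src=172.17.144.57 dst=172.17.144.160 smb-connect
2011-11-07T08:02:04 src=172.17.144.57 dst=172.17.144.160 smb-connect
2011-11-07T08:02:09 src=172.17.144.88 dst=172.17.144.160 smb-connect
2011-11-07T08:03:30 src=999.1.1.1 dst=172.17.6.90 smb-connect
"""

SRC_FIELD = re.compile(r"\bsrc=(\S+)")

def classify(addr):
    """Place a source address into one of four trust groups."""
    if addr in PRIVATE_NET:
        return "private"
    if addr in OWN_SHARED_CLIENTS:
        return "shared-own"
    if addr in SHARED_NET:
        return "shared-other"
    return "outside"

def triage(log_text):
    """Count connections per (group, source address), skipping bad lines."""
    counts = Counter()
    for line in log_text.splitlines():
        match = SRC_FIELD.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed address in the log line
        counts[(classify(addr), str(addr))] += 1
    return counts

def unexpected_sources(log_text):
    """Sources that are neither on the private net nor known own clients."""
    return [(ip, n) for (group, ip), n in triage(log_text).most_common()
            if group in ("shared-other", "outside")]

if __name__ == "__main__":
    for ip, n in unexpected_sources(SAMPLE_LOG):
        print(f"{ip}\t{n} connection(s)")
```

The resulting list is the set of addresses to hand to whoever manages the routers, or to deny in a host firewall rule for the SMB ports.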