strange log "log.devil"

Paul Civati paul at
Thu Feb 21 10:16:45 GMT 2002

David Foulis <dbfpyro at> wrote:

>  log.devil
>  [2002/01/16 01:17:08, 1] smbd/service.c:make_connection(550) devil
>  ( connect to service colani as user nobody (uid=65534,
>  gid=65534) (pid 751)
>   [2002/01/16 01:19:09, 1] smbd/service.c:close_cnum(583) devil
>  ( closed connection to service colani

This address ( connected to the service 'colani' for
about 2 minutes as the 'guest' user.  I expect 'devil' was the
WINS computer name being used by the connecting host.

>  The IP from host "devil" is is an internet number.

% whois -h
% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit for more information.
% Rights restricted by copyright.
% See

inetnum: -
netname:      BLUEWINNET
descr:        Bluewin is an internet service provider in CH.
country:      CH
admin-c:      PZ1009-RIPE
tech-c:       AM1626-RIPE
tech-c:       MR1192-RIPE
status:       ASSIGNED PA
remarks:      In case of hack attacks, spam, scans etc. please
remarks:      send abuse notifications to hostmaster at

> Is it possible that "devil" would have been trying to enter a windows
> computer generally?

Hard to say what their motivation could be, but one could assume that they
might have been scanning IP blocks for open shares and/or old versions of
Samba daemons that are vulnerable to remotely exploitable root security

> and then with my system of course was answered by samba and did or did
> not get in.

They connected as the 'guest' user which I think means they would have
had read-only access to that share.

>  I also am not sure if he did get in or just tried the passwords?

Looks like he connected as 'guest' which is the userid that can be
accessed if they do not have a valid login/password, it depends on how
your Samba is configured though.

> Or is the whole thing a misinterpretation by me and "devil" is some
> kind of program daemon?

I expect 'devil' was their WINS computer name.
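
Added example, not part of the original thread: a small Python check that pairs the make_connection and close_cnum entries discussed above and reports guest ('nobody') sessions from non-local addresses together with how long they lasted. It assumes the client address sits in parentheses after the client name (it is missing from the archived copy), uses constructed sample lines with placeholder addresses, and the function name guest_sessions is hypothetical.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample in the layout quoted above; 203.0.113.7 and 192.168.1.20
# are placeholder addresses (the real one is absent from the archived post).
SAMPLE_LOG = """\
[2002/01/16 01:17:08, 1] smbd/service.c:make_connection(550)
  devil (203.0.113.7) connect to service colani as user nobody (uid=65534, gid=65534) (pid 751)
[2002/01/16 01:18:30, 1] smbd/service.c:make_connection(550)
  desk (192.168.1.20) connect to service colani as user dave (uid=1001, gid=1001) (pid 760)
[2002/01/16 01:19:09, 1] smbd/service.c:close_cnum(583)
  devil (203.0.113.7) closed connection to service colani
"""

HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), \d+\] \S+")
CONNECT = re.compile(r"(\S+) \(([\d.]+)\) connect to service (\S+) as user (\S+)")
CLOSE = re.compile(r"(\S+) \(([\d.]+)\) closed connection to service (\S+)")
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def guest_sessions(log_text, guest_account="nobody"):
    """Return guest-account sessions from non-local addresses, with duration."""
    # Join each "[timestamp, level] source" header with its indented message text.
    joined = re.sub(r"\n[ \t]+", " ", log_text)
    open_sessions, findings = {}, []
    for line in joined.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        when = datetime.strptime(head.group(1), "%Y/%m/%d %H:%M:%S")
        body = line[head.end():].strip()
        if (m := CONNECT.match(body)):
            name, addr, share, user = m.groups()
            external = not any(ipaddress.ip_address(addr) in n for n in LOCAL_NETS)
            if user == guest_account and external:
                rec = {"name": name, "addr": addr, "share": share, "start": when, "seconds": None}
                open_sessions[(addr, share)] = rec
                findings.append(rec)
        elif (m := CLOSE.match(body)):
            rec = open_sessions.pop((m.group(2), m.group(3)), None)
            if rec:  # a session with no matching close keeps seconds=None
                rec["seconds"] = int((when - rec["start"]).total_seconds())
    return findings

if __name__ == "__main__":
    for s in guest_sessions(SAMPLE_LOG):
        print(f"{s['addr']} ({s['name']}) guest on '{s['share']}' for {s['seconds']}s")
```

A session reported with seconds=None was still open at the end of the log, or its close entry was rotated away.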

