Samba log directory


Hawg
06-28-2002, 08:49 PM
Here are the contents of my /var/log/samba directory. Who the hell are all these other machines? Hawg, Wine, and erinpc are all in my network. All these other machines I have no clue where they came from. Has my machine been hacked or something? I'm on Time Warner Road Runner service.

-rw-r--r-- 1 root root 0 Jun 24 20:36 smbd.log
-rw-r--r-- 1 root root 228 Jun 24 22:19 log.winbindd
-rw-r--r-- 1 root root 0 Jun 25 02:36 hrechko.log
-rw-r--r-- 1 root root 2049 Jun 25 10:27 wine.log
-rw-r--r-- 1 root root 225 Jun 25 10:44 hawg.log
-rw-r--r-- 1 root root 110 Jun 25 17:27 mike.log
-rw-r--r-- 1 root root 9438 Jun 25 18:06 log.smbd
-rw-r--r-- 1 root root 50933 Jun 25 18:12 log.nmbd
-rw-r--r-- 1 root root 0 Jun 25 19:06 front desk.log
-rw-r--r-- 1 root root 110 Jun 26 06:04 shannon.log
-rw-r--r-- 1 root root 0 Jun 26 22:32 raymond.log
-rw-r--r-- 1 root root 0 Jun 27 18:51 2zy9d01.log
-rw-r--r-- 1 root root 226 Jun 28 16:32 valuestar.log
-rw-r--r-- 1 root root 15797 Jun 28 17:37 erinpc.log
-rw-r--r-- 1 root root 114 Jun 28 18:08 downstairs.log

Each file contains something to the effect of:

[2002/06/26 21:54:52, 0] smbd/service.c:make_connection(249)
valuestar (218.45.54.140) couldn't find service c

Some files are completely blank. Is this normal, or should I start to worry?

cowanrl
06-29-2002, 10:57 AM
I would say you have a line like this in your smb.conf file:

log file = /var/log/samba/%m.log
This creates a separate log file for each client that accesses your machine using the NetBIOS name of the remote machine for the log file name.
If there are names there that you don't recognize, someone is trying to or has accessed your Samba machine. Got any neighbors named Mike, Shannon or Raymond?
Of course, any good hacker would cover his tracks and delete the log file for his machine, or at least delete its contents. The only thing you can be absolutely sure of is that some unknown person has accessed your machine.

If it were me, the bare minimum I'd do is try to run some kind of virus checker on my Samba shares to make sure someone didn't copy a virus infected file or something there. Whatever else you do depends on your level of paranoia.

You need to tighten up security on your network in general and for Samba.

Probably the best and easiest thing to do for Samba is restrict access to it from only machines on your network. Do this with a line in your smb.conf file something like:

hosts allow = 192.168.1. 127.
This would allow only the local computer and all computers on the 192.168.1.0 network to access the machine. All others would be denied. You would need to substitute your network address in the line. Be sure to use the period after 192.168.1. or it won't work. Also, if you use the hosts allow line, be sure to include 127. in the line or some of the services that run on the local machine won't be able to run properly and Samba won't run properly.
Instead of using the network address, you could specify the specific IP addresses of the machines on your network.
There are other security settings you can use in smb.conf. See the man page on the smb.conf file for more options and details.
You should also consider setting up some sort of firewall on your network to keep out intruders from the Internet.
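As an added example that is not part of the original thread or of Samba itself: the script below triages per-client log files of the kind produced by `log file = /var/log/samba/%m.log`, pulling the NetBIOS name and IP out of each `make_connection` line, and then checks each address against a `hosts allow` value the way the answer above describes it. The sample log lines are constructed for this example (the names and addresses are made up), and the `hosts allow` matcher is a simplified reimplementation that only understands the trailing-dot prefix form (`192.168.1.`, `127.`), a plain address, and `a.b.c.d/len`; real Samba also accepts hostnames, netmasks and `EXCEPT`.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed sample in the shape of what Samba writes to each %m.log file.
# Hostnames and addresses below are invented for this example.
SAMPLE_LOG = """\
[2002/06/26 21:54:52, 0] smbd/service.c:make_connection(249)
  valuestar (218.45.54.140) couldn't find service c
[2002/06/28 17:37:10, 0] smbd/service.c:make_connection(249)
  erinpc (192.168.1.12) couldn't find service printer$
[2002/06/28 18:08:03, 0] smbd/service.c:make_connection(249)
  downstairs (10.0.0.7) couldn't find service c
"""

# Matches "  <netbios name> (<ipv4>)" at the start of a continuation line.
# The name is matched lazily so names with spaces (e.g. "front desk") work.
CLIENT_RE = re.compile(r"^\s*(?P<name>.+?) \((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)")


def parse_clients(log_text: str) -> List[Tuple[str, str]]:
    """Return (netbios_name, ip) pairs found in make_connection log lines."""
    found = []
    for line in log_text.splitlines():
        m = CLIENT_RE.match(line)
        if m:
            found.append((m.group("name"), m.group("ip")))
    return found


def parse_hosts_allow(value: str) -> List[ipaddress.IPv4Network]:
    """Turn a 'hosts allow' value into a list of networks.

    Simplified matcher (assumption, not Samba's own parser): a token ending
    in '.' is a leading-octet prefix, so '192.168.1.' is 192.168.1.0/24 and
    '127.' is 127.0.0.0/8; anything else must be an address or CIDR block.
    A token like '192.168.1' without the trailing period is rejected, which
    mirrors the warning in the thread about forgetting that period.
    """
    nets = []
    for tok in value.replace(",", " ").split():
        if tok.endswith("."):
            octets = tok.rstrip(".").split(".")
            if not 1 <= len(octets) <= 3 or not all(o.isdigit() for o in octets):
                raise ValueError(f"bad prefix: {tok!r}")
            base = ".".join(octets + ["0"] * (4 - len(octets)))
            nets.append(ipaddress.ip_network(f"{base}/{8 * len(octets)}"))
        else:
            # Raises ValueError for malformed tokens such as '192.168.1'.
            nets.append(ipaddress.ip_network(tok, strict=False))
    return nets


def is_allowed(ip: str, nets: List[ipaddress.IPv4Network]) -> bool:
    """True if ip falls inside any network from parse_hosts_allow()."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def triage(log_text: str, hosts_allow: str) -> List[Tuple[str, str]]:
    """Clients seen in the log that the given 'hosts allow' would NOT admit.

    This is the list to look at first: every entry is a machine that already
    reached smbd and would be turned away once the setting is in place.
    """
    nets = parse_hosts_allow(hosts_allow)
    return [(name, ip) for name, ip in parse_clients(log_text)
            if not is_allowed(ip, nets)]


if __name__ == "__main__":
    for name, ip in triage(SAMPLE_LOG, "192.168.1. 127."):
        print(f"outside hosts allow: {name} ({ip})")
```

To run it over a real directory, read each `*.log` file in `/var/log/samba` and feed its text to `triage()` with the `hosts allow` value from `smb.conf`. Note that `downstairs` in the sample is flagged even though 10.0.0.7 is a private address: `hosts allow` admits only what is listed, so the allow list has to name every network the LAN actually uses.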

Hawg
06-29-2002, 01:47 PM
Thanks

I do have a firewall up but it doesn't block out 111 or the NetBIOS ports. That needs to be the next thing I add. I added the hosts allow line to the global section of the smb.conf. I would have thought that Samba would use the /etc/hosts.allow and hosts.deny files.

I'm still very new to the whole networking thing. While I'm proud that I was able to set up a gateway and NFS/Samba server, I'm not ready to pat myself on the back yet. I've realized my ignorance when it comes to security and am feeling a bit paranoid.

cowanrl
06-29-2002, 02:17 PM
I'm pretty paranoid here myself. I don't have an "always on" Internet connection so I don't have the problem with snoopers as some folks do. I'm using a dial up ISDN connection and my ISDN router provides a pretty good firewall.

If you're looking for a good book on Linux security, check out Hacking Linux Exposed from Osborne. It really does a good job of explaining how hackers break in to a system and what to do to stop them.

Good luck.