Honeypots mailing list archives

Strange Browse attempts - Linux SMBD


From: "Beta3" <acidreign () beta3 no-ip com>
Date: Mon, 27 Jan 2003 20:07:08 +1000

Gday all.

Not a frequent poster, but I find some interesting discussions here. Before
I get to my question, I'll fill you in with some background information.

The honeypot in question is an i686 machine running Gentoo Linux.  Gentoo
was chosen as they disclose security issues to a subscriber list.  This
allows me to easily keep up with what services are vulnerable on the machine.

It is located in Australia on a 2mb both ways DSL subscriber line, so it has
adequate bandwidth.  There are no compiler tools, not a lot of hard drive
space, and it's rate limited with connections to/from via the upstream
router.

Many services are started, ftp/smb/http/https, and it appears to be running
an e-commerce site (although it's very fake, can't even log in, intentionally
false php scripts).

I am continually getting some strange lines in my log files, such as

Dec 18 15:23:31 hava1  smbd[4029]:   alevrius_ (200.67.154.176) couldn't find service c

and

Jan 26 03:36:05 hava1  smbd[4029]:   alevrius_ (209.131.250.83) couldn't find service c

and

Jan 26 03:51:01 hava1 smbd[4029]:   localhost (218.47.73.5) couldn't find service c


These attempted connections are in groups of three, and have been happening
over a month.  A quick search using Google does turn up some results,
although nobody seems to have found a solution.

One could assume that this is an automated script of some sort, but no
results have been found.  The first probe originated on Dec 12th 2002 from a
cox cable account, and I am still getting these probes even today.  I have
found that they center around 3:30 till 6:30 EST, and originate mostly from
the USA, with some attempts from central Europe.

Any ideas what this is?

Wade Mealing
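
Added example (not part of the original post): a Python sketch that tallies smbd "couldn't find service" entries per source address, groups them into bursts and counts them by hour of day, to check the "groups of three" and time-of-day pattern described above. The last three sample lines, the 60-second burst window and the default year are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# First three lines are those quoted in the post (rejoined); the last three are
# constructed, using a documentation address, to show a group of three.
SAMPLE = """\
Dec 18 15:23:31 hava1  smbd[4029]:   alevrius_ (200.67.154.176) couldn't find service c
Jan 26 03:36:05 hava1  smbd[4029]:   alevrius_ (209.131.250.83) couldn't find service c
Jan 26 03:51:01 hava1 smbd[4029]:   localhost (218.47.73.5) couldn't find service c
Jan 27 04:10:02 hava1 smbd[4029]:   examplepc (192.0.2.10) couldn't find service c
Jan 27 04:10:03 hava1 smbd[4029]:   examplepc (192.0.2.10) couldn't find service c
Jan 27 04:10:05 hava1 smbd[4029]:   examplepc (192.0.2.10) couldn't find service c
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+smbd\[\d+\]:\s+"
    r"(?P<client>\S+)\s+\((?P<ip>[\d.]+)\)\s+couldn't find service (?P<share>\S+)\s*$"
)

def parse_line(line, year=2003):
    """Return (timestamp, client_name, ip, share), or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog omits the year, so `year` is an assumption supplied by the caller.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["client"], m["ip"], m["share"]

def summarise(text, window=timedelta(seconds=60)):
    """Per source IP, list the size of each burst (attempts within `window`)."""
    by_ip, by_hour = defaultdict(list), Counter()
    for ts, _client, ip, _share in filter(None, map(parse_line, text.splitlines())):
        by_ip[ip].append(ts)
        by_hour[ts.hour] += 1          # hour in the log's local time
    bursts = {}
    for ip, stamps in by_ip.items():
        groups = []
        for ts in sorted(stamps):
            if groups and ts - groups[-1][0] <= window:
                groups[-1].append(ts)  # still inside the current burst
            else:
                groups.append([ts])    # gap too long: start a new burst
        bursts[ip] = [len(g) for g in groups]
    return bursts, by_hour

if __name__ == "__main__":
    bursts, by_hour = summarise(SAMPLE)
    print(bursts, dict(sorted(by_hour.items())))
```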


