5

nmap scan of my Ubuntu computer, output when run with -sV:

139/tcp  open  netbios-ssn         Samba smbd 3.X (workgroup: MEDIAPC)
445/tcp  open  netbios-ssn         Samba smbd 3.X (workgroup: MEDIAPC)

I know what other services are being run but I do not know what is being run on 139 or 445. I did a little bit of googling and found:

http://www.speedguide.net/port.php?port=445

http://www.speedguide.net/port.php?port=139

Both of these sound like they are related to Windows and/or file sharing in Windows. My computer is set up with a Samba share, but nothing I would want broadcast over the web.

I am wondering, are these ports actually open? If so, should they be? From the googling I did it sounded like a lot of people have these ports show up as "filtered" yet mine are showing up as "open".

I am mainly wondering because I have disabled UPnP and figured this would mean I would have an idea of all my open ports. I was not expecting to see 139 or 445 tcp ports open so I am wondering if there is some reason for this. Just looking to possibly learn more about my network and increase security.

nmap scan for my router using -sV:

Nmap scan report for router.asus.com (192.168.1.1)
Host is up (0.011s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE     VERSION
53/tcp   open  domain      dnsmasq 2.76-g0007ee9
80/tcp   open  http        httpd/2.0
139/tcp  open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
8200/tcp open  upnp        MiniDLNA 1.1.5 (Linux 2.6.38-11-generic-pae; DLNADOC 1.50; UPnP 1.0)
7
  • @dogeatcatworld kind of wondering why I am seeing upnp when running the nmap on my router since I have disabled the upnp feature on the router. Also does this mean that my samba share would be accessible from the outside web? That's certainly not what I am intending, I would only like the share to be within my LAN.
    – Charles S
    Commented Apr 26, 2016 at 21:08
  • 1
    I edited your question as if you ran the -sV from the beginning. I hope I captured your question well. It got confusing with your last edit.
    – schroeder
    Commented Apr 26, 2016 at 21:17
  • 1
    Samba uses ports 139 and 445, as you know. Now that you have more information, what is your question? Is it still "shouldn't these be filtered?" Your latest edits seem to now be concerned with UPnP. Can you clarify?
    – schroeder
    Commented Apr 26, 2016 at 21:19
  • You can just disable smbd service if you want.
    – user32902
    Commented Apr 26, 2016 at 21:32
  • @schroeder Sorry, looking back I realize I was pretty scatterbrained in my original question. Basically I was wondering if these ports need to be open for me to use the samba share within my LAN. From my understanding the fact that they are open would mean someone from outside my LAN potentially could be viewing the samba share too. I also was surprised to see nmap refer to "upnp" when scanning my router as I have disabled the upnp service on my router. I thought disabling upnp meant that I would have to manually forward a port for it to open.
    – Charles S
    Commented Apr 26, 2016 at 22:04

2 Answers

2

Since you already know you're running Samba, then explaining that running netstat -nap as root on the host will tell you what daemon is listening is somewhat redundant - but worth mentioning for anyone else reading this in future.

I only ever want the samba share to be able to be seen within my LAN.

You've told us nothing about how your LAN connects to other networks. Assuming that this is not part of a larger corporate network, but just a domestic / small office environment, then presumably you have some sort of router. Even very basic internet routers provide the capability to block ports. And it would be very unusual in this context to have anything other than a single masqueraded IP address. In such a case, unless you have explicitly enabled port forwarding on the router (or the router is compromised) the outside world will not be able to connect to your server. Having said that, I would consider it good practice to block the router from connecting to these services on the host itself with iptables. Although there are GUI tools (such as Firestarter) it may be difficult to add a rule to exclude specific hosts from access.

Of course, if my assumptions about your network are different, then the solution is different.

0

Anyone over the internet can SMB connect to your workstation if

  • Router is port forwarding SMB to you. To check try smbclient \\\\router_ip\\smb_share_name.

  • Router is not properly configured to block port forwarding requests from external networks.

The best thing you can do is to firewall SMB ports to all IPs except internal IPs using iptables.

1
  • I tried adding "routerip\smb_share" as a samba share but it says it cannot be accessed. I assume this means everything is working as intended. I guess I just would have thought based on what nmap was showing my samba share would be viewable outside my network. I will maybe have to look into your iptables suggestion.
    – Charles S
    Commented Apr 26, 2016 at 23:12
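
The iptables restriction that both answers suggest, written out as an added example (it is not part of the original answers): Samba is limited to the LAN and the router itself is excluded. The LAN range 192.168.1.0/24 and the chain name SMB_LAN are assumptions; 192.168.1.1 is the router address from the scan in the question.

```shell
#!/bin/sh
# Added example, not from the original answers. Assumed values: the LAN is
# 192.168.1.0/24 and the router is 192.168.1.1 (the address in the scan above).

# Dry run by default: print each command. Run as root with APPLY=1 to execute.
emit() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

is_ipv4() {
    # Dotted quad with an optional /prefix; anything else is rejected.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

smb_lan_rules() {
    lan_cidr=$1
    router_ip=$2
    is_ipv4 "$lan_cidr" && is_ipv4 "$router_ip" || return 2

    # Dedicated chain (hypothetical name), jumped to from the top of INPUT so
    # it is evaluated before any broader ACCEPT rule already in place.
    emit iptables -N SMB_LAN
    emit iptables -A SMB_LAN -i lo -j ACCEPT
    # Order matters: the router sits inside the LAN range, so drop it first.
    emit iptables -A SMB_LAN -s "$router_ip" -j DROP
    emit iptables -A SMB_LAN -s "$lan_cidr" -j ACCEPT
    emit iptables -A SMB_LAN -j DROP
    # smbd listens on TCP 139 and 445 (the ports nmap reported).
    emit iptables -I INPUT -p tcp -m multiport --dports 139,445 -j SMB_LAN
    # nmbd (NetBIOS name and datagram services) uses UDP 137 and 138.
    emit iptables -I INPUT -p udp -m multiport --dports 137,138 -j SMB_LAN
}

# Dry run with the assumed addresses: prints the seven commands.
smb_lan_rules 192.168.1.0/24 192.168.1.1
```

Traffic that a router port-forwards from the internet keeps its external source address, so it falls through to the final DROP; `netstat -nap` as root confirms which daemons own the ports.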
