Wrong Ports Open

Discussion in 'all things UNIX' started by hogndog, Jun 24, 2013.

Thread Status:
Not open for further replies.
  1. hogndog

    hogndog Registered Member

    Joined:
    Jun 9, 2007
    Posts:
    628
    Location:
    In His Service
    I've disabled ports 137-139 & 445 in Windows XP, today i checked my installation of Linux Mint 14 on a USB stick ran a quick scan this is the result..

    PORT STATE SERVICE
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    631/tcp open ipp
    No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).

    Is this a reason for concern? In Windows i was able to carry it out in the registry with no problems but this?:argh:

    tia..
    Hogndog
     
  2. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    139 and 445 are probably due to the Samba server, which Mint enables by default. If you do not use it, you should probably disable it. ('update-rc.d samba disable' or something along those lines.)

    631 is CUPS, and for most desktop purposes it should be listening on localhost only. Try looking in /etc/cups/cupsd.conf, there should be a line about restricting it to localhost.

    Stuff like this is probably not that dangerous on a home network (but don't take my word for it). OTOH I would not abide it on a laptop, or any computer that might be exposed to an untrusted network without the protection of a hardware firewall.

    P.S. If your router has decent logging facilities, take a look at some of the packets it's dropped lately. You will probably see lots of stuff on ports 139 and 445. 631 probably not so much, but there have been network attacks against CUPS.
     
  3. hogndog

    hogndog Registered Member

    Joined:
    Jun 9, 2007
    Posts:
    628
    Location:
    In His Service
    I wasn't sure what to think being its on a thumb drive, I'll do as you suggest and see what comes of it. Add to the mix this is a Linux install its probably in a different category..

    Thanks Gullible..:thumb:
     
  4. hogndog

    hogndog Registered Member

    Joined:
    Jun 9, 2007
    Posts:
    628
    Location:
    In His Service
    Well Mr. Jones i ran a test from GRC these are threir findings..:D

    Attempting connection to your computer. . .

    Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!

    Your Internet port 139 does not appear to exist!

    One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

    Unable to connect with NetBIOS to your computer.

    All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.
     
Loading...
Thread Status:
Not open for further replies.