Linux Mint Forums

[NewsAndHistory]

I keep getting a firewall hit from an IP Address192.168.1.4 on port 137. Protocol is UDP. Source is something called Samba.I looked up Samba and it has something to do with file sharing of windows documents. I don't share files and I'm not on a wireless network for people to be hacking into my computer. What is the deal with this and how do I keep it out of my computer? I keep getting hits from it.

I'm a newbie. Please keep responses simple, easy-to-follow instructions appreciated.

[xenopeek]

Are you using Linux Mint 11? Or something else...

In case you are using the Linux Mint 11. Open a terminal, and run the following commands to stop Samba:

Code: Select all

sudo stop nmbd
echo manual | sudo tee -a /etc/init/nmbd.override

sudo stop smbd
echo manual | sudo tee -a /etc/init/smbd.override

The first command in each group disables it directly, the second command in each group disables it for future reboots. You will have to enter your password, note that the cursor won't move and characters won't appear as you type.

Another service you might want to stop is Avahi / Zeroconf. This is for easily finding other computers on your network, and to connect to Apple fileshares. If you don't use either of those, disable with:

Code: Select all

sudo stop avahi-daemon
echo manual | sudo tee -a /etc/init/avahi-daemon.override

Last but certainly not least, make sure you have enabled the firewall! This would block all traffic regardless of the services running or not (you would have to specifically allow a service to receive traffic, else the firewall will block all incoming connects). Go to Menu -> Control Center -> Firewall Configuration and make sure "Enabled" is checked.

After reboot confirm your firewall is active, by running:

Code: Select all

sudo ufw status verbose

This should reply as follows, make sure the red parts match:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

Now check with:

Code: Select all

sudo ufw show listening

Which services are still listening and allowed to receive traffic. For me this says:

tcp:
udp:
123 192.168.1.33 (ntpd)
123 * (ntpd)
68 * (dhclient)

You need the dhclient to get an IP address from your broadband modem or router, and the ntpd I have running for my machine to synchronize the clock with internet servers.

Finally, you can do a ports probe from https://www.grc.com/x/ne.dll?bh0bkyd2, and see if any ports remain open to the internet that shouldn't.

Usually the firewall in your broadband modem also blocks all incoming traffic, so you would have been quite safe to computers outside your own network. Defense in depth is better however (having redundant defenses, like also running a firewall on your machine, and also disabling any services you don't need).

[NewsAndHistory]

Thank you very much! Yes, I have a firewall, but can you recommend one? I don't know what's best for Linux systems.

Very best.

[xenopeek]

The one you have is good It is just a front-end to iptables, which controls the actual firewall that is built into the Linux kernel.