I keep getting a firewall hit from an IP Address192.168.1.4 on port 137. Protocol is UDP. Source is something called Samba.I looked up Samba and it has something to do with file sharing of windows documents. I don't share files and I'm not on a wireless network for people to be hacking into my computer. What is the deal with this and how do I keep it out of my computer? I keep getting hits from it.
I'm a newbie. Please keep responses simple, easy-to-follow instructions appreciated.
How can I keep Samba, file sharing, out of my computer?
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Re: How can I keep Samba, file sharing, out of my computer?
Are you using Linux Mint 11? Or something else...
In case you are using the Linux Mint 11. Open a terminal, and run the following commands to stop Samba:
The first command in each group disables it directly, the second command in each group disables it for future reboots. You will have to enter your password, note that the cursor won't move and characters won't appear as you type.
Another service you might want to stop is Avahi / Zeroconf. This is for easily finding other computers on your network, and to connect to Apple fileshares. If you don't use either of those, disable with:
Last but certainly not least, make sure you have enabled the firewall! This would block all traffic regardless of the services running or not (you would have to specifically allow a service to receive traffic, else the firewall will block all incoming connects). Go to Menu -> Control Center -> Firewall Configuration and make sure "Enabled" is checked.
After reboot confirm your firewall is active, by running:
This should reply as follows, make sure the red parts match:
Which services are still listening and allowed to receive traffic. For me this says:
Finally, you can do a ports probe from https://www.grc.com/x/ne.dll?bh0bkyd2, and see if any ports remain open to the internet that shouldn't.
Usually the firewall in your broadband modem also blocks all incoming traffic, so you would have been quite safe to computers outside your own network. Defense in depth is better however (having redundant defenses, like also running a firewall on your machine, and also disabling any services you don't need).
In case you are using the Linux Mint 11. Open a terminal, and run the following commands to stop Samba:
Code: Select all
sudo stop nmbd
echo manual | sudo tee -a /etc/init/nmbd.override
sudo stop smbd
echo manual | sudo tee -a /etc/init/smbd.override
Another service you might want to stop is Avahi / Zeroconf. This is for easily finding other computers on your network, and to connect to Apple fileshares. If you don't use either of those, disable with:
Code: Select all
sudo stop avahi-daemon
echo manual | sudo tee -a /etc/init/avahi-daemon.override
After reboot confirm your firewall is active, by running:
Code: Select all
sudo ufw status verbose
Now check with:Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
Code: Select all
sudo ufw show listening
You need the dhclient to get an IP address from your broadband modem or router, and the ntpd I have running for my machine to synchronize the clock with internet servers.tcp:
udp:
123 192.168.1.33 (ntpd)
123 * (ntpd)
68 * (dhclient)
Finally, you can do a ports probe from https://www.grc.com/x/ne.dll?bh0bkyd2, and see if any ports remain open to the internet that shouldn't.
Usually the firewall in your broadband modem also blocks all incoming traffic, so you would have been quite safe to computers outside your own network. Defense in depth is better however (having redundant defenses, like also running a firewall on your machine, and also disabling any services you don't need).
Re: How can I keep Samba, file sharing, out of my computer?
Thank you very much! Yes, I have a firewall, but can you recommend one? I don't know what's best for Linux systems.
Very best.
Very best.
Re: How can I keep Samba, file sharing, out of my computer?
The one you have is good It is just a front-end to iptables, which controls the actual firewall that is built into the Linux kernel.
Re: How can I keep Samba, file sharing, out of my computer?
When using Shields Up, it reports my Huawei E3131 USB HSDPA dongle which is a router, not my computer.
Last edited by xenopeek on Wed Jun 11, 2014 11:05 am, edited 1 time in total.
Reason: Locked for necro-bumping. Make a new topic if you need support, don't post questions on topics years old.
Reason: Locked for necro-bumping. Make a new topic if you need support, don't post questions on topics years old.