[Samba] Samba4 and 0.0.0.0:137 and 0.0.0.0:138 opened, why ? How do close it ?

Rowland Penny rowlandpenny at googlemail.com
Sun Jan 11 11:35:45 MST 2015


On 11/01/15 18:15, CpServiceSPb . wrote:
> Hmmm, I found some at
> https://lists.samba.org/archive/samba-technical/2012-July/085752.html
> As I saw these patches were already implemented.
>
> But is it possible to receive broadcast not to 0.0.0.0 but to x.y.z.255 ?
> This is network broadcast either.
>
> And opened 0.0.0.0 even with checking of source net is quite insecure from
> net security point of view.
> I think so.

I personally think that you think wrong, it is *LISTENING* on 0.0.0.0 
with ports 137 & 138 on the ipaddresses 127.0.0.1 and 192.168.0.254, it 
doesn't matter whether you turn 0.0.0.0 off in smb.conf, samba will 
still listen on the two ipaddresses.

I am willing to bet that you have other programs listening on 0.0.0.0, 
what are you going to do, stop them listening on 0.0.0.0 and if you do, 
are you going to complain that nothing then works ??

You sound like one of the people in my country that writes health &
safety risk assessments just to cover their behinds.

Rowland

> May be is it necessary to add some smb.conf parameter that could allow to
> set up x.y.z.255 instead of 0.0.0.0 ?
>
> 2015-01-11 17:58 GMT+03:00 CpServiceSPb . <cpservicespb at gmail.com>:
>
>> I have found that 0.0.0.0:port could be "closed" by setting up socket
>> address = wishing IP addresses,
>> for example socket address = 127.0.0.1 192.168.0.254
>>
>> 2015-01-11 17:46 GMT+03:00 CpServiceSPb . <cpservicespb at gmail.com>:
>>
>>> Thanks for this answer.
>>> As I understood, for example if parameter
>>> bind interfaces only = yes is and
>>> interfaces = lan0 (192.168.0.254) is
>>>
>>> and if broadcast packet goes from 95.95.95.14 such packet will be dropped
>>> (in other words) ?
>>> Am I right ?
>>>
>>> And other thing.
>>> Why is 192.168.0.255 (network broadcast) opened for ?
>>> May be exact such address (network broadcast) is intended for receiving
>>> broadcasts ?
>>> Within exact subnet but 0.0.0.0 is for all subnets ?
>>>
>>> And is it possible to set off 0.0.0.0 via smb.conf ?
>>>
>>>
>>> 2015-01-11 17:24 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
>>>
>>>> Hello,
>>>>
>>>> On 11.01.2015 at 14:55, CpServiceSPb . wrote:
>>>>> Here are 3 faces at Ubuntu: lo, lan and wan.
>>>>> There are lines:
>>>>> bind interfaces only = yes
>>>>> interfaces = lo lan0
>>>>> in smb.conf
>>>>>
>>>>> But netstat -tulpn shows 0.0.0.0 bound address:
>>>>> tcp        0      0 192.168.0.254:139       0.0.0.0:*       LISTEN      smbd
>>>>> udp        0      0 192.168.0.255:137       0.0.0.0:*                   nmbd
>>>>> udp        0      0 192.168.0.254:137       0.0.0.0:*                   nmbd
>>>>> *udp       0      0 0.0.0.0:137             0.0.0.0:*                   nmbd*
>>>>> udp        0      0 192.168.0.255:138       0.0.0.0:*                   nmbd
>>>>> udp        0      0 192.168.0.254:138       0.0.0.0:*                   nmbd
>>>>> *udp       0      0 0.0.0.0:138             0.0.0.0:*                   nmbd*
>>>>>
>>>>> I don't like *udp       0      0 0.0.0.0:port *at all !
>>>>>
>>>>> Why is it so ?
>>>>
>>>> The smb.conf man page answers this question  ('bind interfaces only'):
>>>>
>>>> ... nmbd also binds to the "all addresses" interface (0.0.0.0) on ports
>>>> 137 and 138 for the purposes of reading broadcast messages. If this
>>>> option is not set then nmbd will service name requests on all of these
>>>> sockets. If bind interfaces only is set then nmbd will check the source
>>>> address of any packets coming in on the broadcast sockets and discard
>>>> any that don't match the broadcast addresses of the interfaces in the
>>>> interfaces parameter list. ...
>>>>
>>>>
>>>>
>>>>
>>>> Regards,
>>>> Marc
>>>>
>>>
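
A simplified model of the source-address check described in the smb.conf man page excerpt quoted in this thread, run against the addresses the thread mentions. This is an added example, not part of any poster's message and not nmbd's code; the prefix lengths, the function names and the reading of "match" as subnet membership are assumptions.

```python
import ipaddress

# Interfaces from the thread's smb.conf ("interfaces = lo lan0").
# The prefix lengths are assumptions; /24 is consistent with the
# 192.168.0.255 broadcast address that netstat shows for lan0.
INTERFACES = {
    "lo": ipaddress.ip_interface("127.0.0.1/8"),
    "lan0": ipaddress.ip_interface("192.168.0.254/24"),
}


def wildcard_socket_verdict(src, interfaces=INTERFACES, bind_interfaces_only=True):
    """Decide what happens to a packet read from the 0.0.0.0:137/138 socket.

    Returns (accepted, interface_name). Simplified model (assumption): a
    source "matches" an interface when it lies in that interface's subnet,
    i.e. it shares the interface's broadcast address.
    """
    src_ip = ipaddress.ip_address(src)
    if not bind_interfaces_only:
        # Option unset: name requests are serviced on every socket.
        return True, None
    for name, iface in interfaces.items():
        if src_ip.version == iface.version and src_ip in iface.network:
            return True, name
    return False, None


def report(sources):
    """Return one line per source address with the verdict for it."""
    lines = []
    for src in sources:
        ok, name = wildcard_socket_verdict(src)
        verdict = f"accept (subnet of {name})" if ok else "discard"
        lines.append(f"{src:<15} -> {verdict}")
    return lines


if __name__ == "__main__":
    # Constructed sources: a LAN host, the address asked about in the
    # thread, loopback, and a neighbouring private subnet.
    for line in report(["192.168.0.17", "95.95.95.14", "127.0.0.1", "192.168.1.5"]):
        print(line)
```

A UDP source address is chosen by the sender, so this check filters traffic rather than authenticating it; a firewall rule dropping UDP 137/138 on the wan interface covers the wildcard socket independently of smb.conf.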


