[Samba] Samba4 and 0.0.0.0:137 and 0.0.0.0:138 opened, why? How to close it?

CpServiceSPb . cpservicespb at gmail.com
Sun Jan 11 11:15:27 MST 2015


Hmmm, I found some at
https://lists.samba.org/archive/samba-technical/2012-July/085752.html
As I saw, these patches were already implemented.

But is it possible to receive broadcasts not on 0.0.0.0 but on x.y.z.255?
This is a network broadcast too.

And an open 0.0.0.0, even with checking of the source net, is quite insecure
from a network security point of view.
I think so.

Maybe it is necessary to add some smb.conf parameter that would allow
setting x.y.z.255 instead of 0.0.0.0?

2015-01-11 17:58 GMT+03:00 CpServiceSPb . <cpservicespb at gmail.com>:

> I have found that 0.0.0.0:port could be "closed" by setting socket
> address = the desired IP addresses,
> for example socket address = 127.0.0.1 192.168.0.254
>
> 2015-01-11 17:46 GMT+03:00 CpServiceSPb . <cpservicespb at gmail.com>:
>
>> Thanks for this answer.
>> As I understand it, for example, if the parameter
>> bind interfaces only = yes is set and
>> interfaces = lan0 (192.168.0.254) is set,
>>
>> and a broadcast packet comes from 95.95.95.14, such a packet will be dropped
>> (in other words)?
>> Am I right?
>>
>> And another thing.
>> What is 192.168.0.255 (network broadcast) opened for?
>> Maybe exactly this address (network broadcast) is intended for receiving
>> broadcasts
>> within that exact subnet, but 0.0.0.0 is for all subnets?
>>
>> And is it possible to turn off 0.0.0.0 via smb.conf?
>>
>>
>> 2015-01-11 17:24 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
>>
>>> Hello,
>>>
>>> On 11.01.2015 at 14:55, CpServiceSPb . wrote:
>>> > There are 3 interfaces on Ubuntu: lo, lan and wan.
>>> > There are these lines:
>>> > bind interfaces only = yes
>>> > interfaces = lo lan0
>>> > in smb.conf
>>> >
>>> > But netstat -tulpn shows a bound 0.0.0.0 address:
>>> > tcp        0      0 192.168.0.254:139         0.0.0.0:*               LISTEN      smbd
>>> > udp        0      0 192.168.0.255:137         0.0.0.0:*                           nmbd
>>> > udp        0      0 192.168.0.254:137         0.0.0.0:*                           nmbd
>>> > *udp       0      0 0.0.0.0:137               0.0.0.0:*                           nmbd*
>>> > udp        0      0 192.168.0.255:138         0.0.0.0:*                           nmbd
>>> > udp        0      0 192.168.0.254:138         0.0.0.0:*                           nmbd
>>> > *udp       0      0 0.0.0.0:138               0.0.0.0:*                           nmbd*
>>> >
>>> > I don't like *udp       0      0 0.0.0.0:port* at all!
>>> >
>>> > Why is it so?
>>>
>>>
>>> The smb.conf man page answers this question  ('bind interfaces only'):
>>>
>>> ... nmbd also binds to the "all addresses" interface (0.0.0.0) on ports
>>> 137 and 138 for the purposes of reading broadcast messages. If this
>>> option is not set then nmbd will service name requests on all of these
>>> sockets. If bind interfaces only is set then nmbd will check the source
>>> address of any packets coming in on the broadcast sockets and discard
>>> any that don't match the broadcast addresses of the interfaces in the
>>> interfaces parameter list. ...
>>>
>>>
>>>
>>>
>>> Regards,
>>> Marc
>>>
>>
>>
>
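
Added example, not part of the original message and not Samba code: a small Python audit that sorts the listeners from the netstat output above into interface, subnet-broadcast and wildcard sockets, and separates the wildcard nmbd sockets the man page documents from any other 0.0.0.0 bind. The /24 netmask for lan0, the 127.0.0.1/8 loopback address, the reduced line format and the verdict labels are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample: the netstat -tulpn lines quoted in the thread, unwrapped
# and reduced to protocol, local address and program name.
SAMPLE = """\
tcp 192.168.0.254:139 smbd
udp 192.168.0.255:137 nmbd
udp 192.168.0.254:137 nmbd
udp 0.0.0.0:137 nmbd
udp 192.168.0.255:138 nmbd
udp 192.168.0.254:138 nmbd
udp 0.0.0.0:138 nmbd
"""

# Assumption: "interfaces = lo lan0" resolves to these addresses; the thread
# gives no netmask, /24 is inferred from the 192.168.0.255 broadcast socket.
INTERFACES = [ipaddress.ip_interface("127.0.0.1/8"),
              ipaddress.ip_interface("192.168.0.254/24")]


def classify(proto, local, prog, interfaces=INTERFACES):
    """Return a verdict label (hypothetical names) for one listening socket."""
    host, _, port = local.rpartition(":")
    addr, port = ipaddress.ip_address(host), int(port)
    if addr.is_unspecified:
        # The smb.conf man page says nmbd keeps an "all addresses" socket on
        # ports 137 and 138 to read broadcasts; anything else is unexpected.
        if prog == "nmbd" and proto == "udp" and port in (137, 138):
            return "wildcard-documented"
        return "wildcard-unexpected"
    for iface in interfaces:
        if addr == iface.ip:
            return "interface"
        if addr == iface.network.broadcast_address:
            return "subnet-broadcast"
    return "not-in-interfaces"


def audit(text, interfaces=INTERFACES):
    """Classify every 'proto local prog' line and return (local, prog, verdict)."""
    results = []
    for line in text.splitlines():
        if line.strip():
            proto, local, prog = line.split()
            results.append((local, prog, classify(proto, local, prog, interfaces)))
    return results


if __name__ == "__main__":
    for local, prog, verdict in audit(SAMPLE):
        print(f"{local:22} {prog:5} {verdict}")
```

A "wildcard-unexpected" or "not-in-interfaces" verdict is the case worth investigating, since it means a daemon is listening somewhere the interfaces list does not cover.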

