I am told by anyone that helps me with my security, whenever they run an nmap on me, that I need to close 139... everyone says that is a bad port to have open, yet it seems I must have it on in order to network my computers... are there any serious exploits for this?
TCP port 139 is used for NETBIOS - I assume you are running samba/nmbd on your Linux box. Assuming you have everything configured as securely as possible (and you absolutely need it to do whatever you are doing), I wouldn't worry about it.
The rule of thumb with network services is to disable anything you don't need. NETBIOS is normally one of them, but if you need it, just make sure it's secured.
If port 139 is open on the internet connection, you are at risk, if nothing more than to let a scanner know that there is a system at that IP. I don't know how your local LAN and internet access is set up, but I would disable sharing on the internet connection. In Windows boxes, it's done in the adapter/service binding. In Samba, just don't configure that connection in the "hosts allow".
My network is a server running Mandrake 8.1
printer
USB DSL modem
hub--
client 1--SuSE 6.2
client 2--Windows 2000
Server has DHCP, samba-server, and internet connection sharing running...
% nmap localhost
Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1535 ports scanned but not shown below are in state: closed)
Port State Service
53/tcp open domain
80/tcp open http
139/tcp open netbios-ssn
631/tcp open cups
901/tcp open samba-swat
953/tcp open rndc
6000/tcp open X11
Go to the ShieldsUp part and do the Test My Shields and Port Probe thingies. It will give you an idea of how open your network is to the internet. Some of the ports available to the local host may not be available to the net.
You need a host-based firewall for the computer that is directly on the internet... in this case, it looks like your Windows box with Internet Connection Sharing.
Try the free version of ZoneAlarm. Something is better than nothing at all.
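
As an added example (not code from any poster in this thread), here is a small Python check of the advice above to keep Samba off the internet-facing connection by limiting `hosts allow` to the LAN. It also checks `interfaces` and `bind interfaces only`, two Samba parameters the thread does not mention; the sample configurations and the interface name `eth1` are constructed assumptions.

```python
import configparser
import ipaddress
import re

# RFC 1918 ranges plus loopback: what "the local LAN" means in this check.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def entry_is_local(entry):
    """True if one 'hosts allow' entry is provably a LAN or loopback range."""
    if entry.endswith("."):  # Samba prefix form: "192.168.1." means 192.168.1.0/24
        octets = entry.rstrip(".").split(".")
        entry = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:       # hostname, netgroup, ALL, ...: cannot be verified here
        return False
    return net.version == 4 and any(net.subnet_of(local) for local in LOCAL_NETS)

def audit_smb_conf(text):
    """Return findings about network exposure in the [global] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    raw = cp["global"] if cp.has_section("global") else {}
    g = {k.replace(" ", ""): v.strip() for k, v in raw.items()}  # Samba ignores spaces in names
    findings = []
    allow = [e for e in re.split(r"[,\s]+", g.get("hostsallow", "")) if e]
    if not allow:
        findings.append("hosts allow is not set: any host that reaches port 139 may connect")
    findings += ["hosts allow entry %r is not a LAN/loopback range" % e
                 for e in allow if not entry_is_local(e)]
    bound = g.get("bindinterfacesonly", "no").lower() in ("yes", "true", "1")
    if not (bound and g.get("interfaces")):
        findings.append("smbd is not bound to named interfaces: it listens on all of them")
    return findings

# Constructed sample configurations; eth1 is an assumed name for the LAN-side NIC.
WEAK = """[global]
workgroup = HOME
"""
HARDENED = """[global]
workgroup = HOME
interfaces = lo eth1
bind interfaces only = yes
hosts allow = 127. 192.168.1.
"""
if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_smb_conf(conf) or "no findings")
```

Entries the check cannot resolve to an address range (hostnames, `ALL`, `EXCEPT` clauses) are reported rather than trusted, so review those by hand.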