Linux – netbios-ssn Port 139 open on Linux machine

linuxport

all.

I'm desperately trying to pass a Security Metrics test, I've been trying for a few days, but I 'm always left with the same problem:

NetBIOS available on Linux
Service: netbios-ssn Port 139 open on Linux machine

I've been googling to no avail.

I've been trying to close port 139 and 445 with both iptables and fuser -k, but it still reports as open (to Security Metrics at least).
I've also tried to uninstall Samba and mess with the config file, there's just no way.

Any idea?!

Not sure what else to try…

Any help appreciated.

Best Answer

Double check the IP/hostname they're scanning. Does it match yours? Do an external scan of your own, with nmap, to see if the port is open:

nmap -p 139 hostname (or IP)

If you still have difficulties, enlist the help of your web host (if you use one). Most web hosts will help you secure your site per the PCI scan vendor's specifications, or at least point in the direction to get it fixed.

Related Solutions

Linux – How to run a server on port 80 as a normal user on Linux

Short answer: you can't. Ports below 1024 can be opened only by root. As per comment - well, you can, using CAP_NET_BIND_SERVICE, but that approach, applied to java bin will make any java program to be run with this setting, which is undesirable, if not a security risk.

The long answer: you can redirect connections on port 80 to some other port you can open as normal user.

Run as root:

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

As loopback devices (like localhost) do not use the prerouting rules, if you need to use localhost, etc., add this rule as well (thanks @Francesco):

# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080

NOTE: The above solution is not well suited for multi-user systems, as any user can open port 8080 (or any other high port you decide to use), thus intercepting the traffic. (Credits to CesarB).

EDIT: as per comment question - to delete the above rule:

# iptables -t nat --line-numbers -n -L

This will output something like:

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 redir ports 8088
2    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080

The rule you are interested in is nr. 2, so to delete it:

# iptables -t nat -D PREROUTING 2

Linux – Is this a good starting point for iptables in Linux

Try shorewall which provides a reasonable firewall out of the box. Enable access from net for the services you want. There are example rule sets for one, two, and three interfaces. The documentation is good and it is actively maintained.

I expect you will want to limit which addresses can access MySQL which is easily done. You can also secure SSH with port knocking where the port is closed unless you have probed the another port recently.

Best Answer

Related Solutions

Linux – How to run a server on port 80 as a normal user on Linux

Linux – Is this a good starting point for iptables in Linux

Related Topic