Default open ports

[bleach]

Hi,

Current most up-to-date default PC-BSD install (1.3*) seems to have the following ports open:

Code:

PORT STATE SERVICE 25/tcp open smtp 139/tcp open netbios-ssn 445/tcp open microsoft-ds

How many users actually use those services? What do you think about turning them off by default?

[dracheflieger]

Originally Posted by bleach

Hi, Current most up-to-date default PC-BSD install (1.3*) seems to have the following ports open: Code: PORT STATE SERVICE 25/tcp open smtp 139/tcp open netbios-ssn 445/tcp open microsoft-ds How many users actually use those services? What do you think about turning them off by default?

SMTP is the outgoing mail server (sendmail) and you probably wont get any root messages set to send every night to root's mailbox.

The other two are networking so if you don't smb or netattach or have any other devices on your network then you can probably safely turn them off but I'm not positive about that.

[bleach]

I actually found about those services today, and local outgoing smtp engine is quite comfortable, but regarding latter two ports for example, then a google query on them could make one a little paranoid. Why have Samba (?) on by default if after all, it's so easy to enable/disable it at any time?

[dracheflieger]

To share files from a Windows machine :?: If your network consists of one computer then I guess you don't need it.

[bleach]

That's exactly my point :wink:

Just type "port 139" in the Google and the first thing that comes up is:

Quote:

NetBIOS Session (TCP), Windows File and Printer Sharing This is the single most dangerous port on the Internet. All "File and Printer Sharing" on a Windows machine runs over this port. About 10% of all users on the Internet leave their hard disks exposed on this port. This is the first port hackers want to connect to, and the port that firewalls block.

http://www.iss.net/security_center/advi ... efault.htm

I haven't check the default firewall setup on PCBSD, but still, what percentage of installed PCBSDs actually use the thing at all? What do developers think? Let's run a poll on this here?

[hulleyrob]

Maybe the developers were thinking this isnt windows so its not a security risk because it has proper security in the OS and doesnt need to hide this port behind a firewall......



Rob

[Galactic Dominator]

I'll add my 2 cents here. First, the previous poster is correct. Port 139 is essentially a windows hack although some SAMBA exploits do/did exist. If you're using SAMBA it's a good idea to fw it off from the outside. However, if you're not using SAMBA and that's a closed port on your system, fw'n it off simply isn't anymore effective than letting the packet run it's standard course. An attempt to connect to closed port isn't a security risk, in and of itself. Ports don't magically open because of such an attempt, nor is it a standard DOS vulnerability. Hence, it's a fool's errand to attempt to identify and block all those ports in which a potential vulnerability exists given certain ports popularity varies over time. Better that each system admin block appropriate ports as needed, (see security advisories for each port you chose to install) and have the admin learn the hard way if need be.

IMO it would really be desirable not to let pf, or whatever fw is implemented, to be morphed into another snake-oil firewall like norton, mcafee, zone alarm, <insert branded firewall here> or any other security bastardization