Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

HOWTO stop unwanted services running on port 139,138,137 netbios on  Linux

Posted on 2004-05-01
10
Medium Priority
?
1,451 Views
Last Modified: 2010-03-18
I'm trying to stop the services running on my Linux machine. After using the nmap command got following output:

$nmap 1.2.3.4
Port       State       Service
137/tcp    filtered    netbios-ns
138/tcp    filtered    netbios-dgm
139/tcp    filtered    netbios-ssn

Can anybody tell me? How above services start automatically? B'coz I don't started them.
I want URLs and few tips and commands howto stop such unwanted services like these. What care should one take? THANKS A LOT

0
Comment
Question by:learnbeta
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 10967910
See you other question...

Most likely Samba is being started at boot. On a Linux box that supports chkconfig you can execute 'chkconfig smb off' to stop Samba from starting at boot. It can immediately shutdown with 'service smd stop'.

BTW: 'chkconfig --list' will show all services and the run levels they will start at, if enabled.
0
 

Author Comment

by:learnbeta
ID: 10970532
I have checked and confirmed that samba is not running. That's why I'm too much confused about it. Can you give some clue? Thanks for your response.
0
 

Author Comment

by:learnbeta
ID: 10970538
Is there any command to kill those processes, who are running & listening on those ports?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 40

Expert Comment

by:jlevie
ID: 10972214
Hmm, I just noticed that your question shows that nmap found TCP ports, not UDP ports.  Those ports are also shown in a "filtered" state, not an "open" state. Might this be something related to a local firewall on the system? Also does this system map any external SMB shares?

To find ports managed by Samba you'd need to do a TCP & UDP scan and they would return something like:

praetorian> sudo nmap -sU 10.1.0.1 -p 137-139
 
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on chaos.entrophy-free.net (10.1.0.1):
(The 369 ports scanned but not shown below are in state: closed)
Port       State       Service
137/udp    open        netbios-ns
138/udp    open        netbios-dgm
 praetorian> sudo nmap -sT 10.1.0.1 -p 137-139
 
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on chaos.entrophy-free.net (10.1.0.1):
(The 2 ports scanned but not shown below are in state: closed)
Port       State       Service
139/tcp    open        netbios-ssn
 


0
 

Author Comment

by:learnbeta
ID: 10974923
Okey from security point, Is this thing is insecure to keep following ports open?
How to stop them? Can you tell me how to use "lsof" command to trace exactly which process is doing this thing? How kill/stop that process?
$nmap a.b.c.d -sT -sU -p 137-139
Port       State       Service
137/tcp    filtered    netbios-ns
137/udp    open        netbios-ns
138/tcp    filtered    netbios-dgm
138/udp    open        netbios-dgm
139/tcp    filtered    netbios-ssn
139/udp    open        netbios-ssn


0
 
LVL 40

Accepted Solution

by:
jlevie earned 675 total points
ID: 10978406
That output from nmap seems to show that Samba is in fact running. Have you checked for the Samba processes ('ps -ef | grep nmbd | grep -v grep' and 'ps -ef | grep nmbd | grep -v grep')?

Are there any SMB (windows) shares mounted?
0
 

Author Comment

by:learnbeta
ID: 10983705
YES SIR, I have already checked both commands:
$ ps -ef | grep smbd | grep -v grep
$ps -ef | grep nmbd | grep -v grep

Is that possible due to some kind of firewall rules? Is this situation is vulnerable from point of security? I'm just anxious to know about those ports- How they started? B'coz just after rebooing system(2 days before), found that they are "ON". Before that there was no listening at all on 137-139 ports. That's why I was asking about it. I must thank you for replies.
Thanks.
0
 

Author Comment

by:learnbeta
ID: 10983715
My OS is RH9.0.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10986162
It is possible that this "false result" is an artifact of the firewall since there aren't an smbd/nmbd processes running.  You can verify that there aren't any processes bound to those port with 'lsof -i udp | grep netbios'

If there aren't any processes bound to the ports, then an artifact of the firewall probably doesn't pose a security risk to this system.
0
 

Author Comment

by:learnbeta
ID: 11002584
After quit lokking here and there. I found & I also agree, that this is definetly a problem of firewall mess. I must thank you.
thanks for nice & patient reponse.
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question