SMB service is running on port 445 / Why / What process

linux samba server-message-block debian-wheezy
7,216

"smb 445 tcp filtered" does not means that something is listening on port 445. From nmap man page:

Filtered. means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed

Share:
7,216

Related videos on Youtube

Chris
Author by

Chris

Updated on September 18, 2022

Comments

  • Chris
    Chris almost 2 years

    I am currently trying to 'harden' all my servers, starting by turning of all services I dont need.

    This one is a nginx reverse proxy and metasploit says smb 445 tcp filtered http://gyazo.com/6adcdcf4982801f481b8338d913545bb

    But I cant find any service running on this port: service --status-all 

     [ + ]  bind9
 [ - ]  bootlogs
 [ ? ]  bootmisc.sh
 [ ? ]  checkfs.sh
 [ ? ]  checkroot-bootclean.sh
 [ - ]  checkroot.sh
 [ + ]  cron
 [ + ]  fail2ban
 [ - ]  fetchmail
 [ - ]  hostname.sh
 [ ? ]  hwclock.sh
 [ - ]  kbd
 [ - ]  keymap.sh
 [ ? ]  killprocs
 [ ? ]  kmod
 [ ? ]  modules_dep.sh
 [ - ]  motd
 [ ? ]  mountall-bootclean.sh
 [ ? ]  mountall.sh
 [ ? ]  mountdevsubfs.sh
 [ ? ]  mountkernfs.sh
 [ ? ]  mountnfs-bootclean.sh
 [ ? ]  mountnfs.sh
 [ ? ]  mtab.sh
 [ ? ]  networking
 [ + ]  nginx
 [ ? ]  plymouth
 [ ? ]  plymouth-log
 [ - ]  procps
 [ - ]  quota
 [ - ]  quotarpc
 [ ? ]  rc.local
 [ - ]  rmnologin
 [ - ]  rpcbind
 [ - ]  rsync
 [ + ]  rsyslog
 [ + ]  saslauthd
 [ ? ]  screen-cleanup
 [ + ]  sendmail
 [ ? ]  sendsigs
 [ + ]  ssh
 [ - ]  sudo
 [ - ]  udev
 [ ? ]  udev-mtab
 [ ? ]  umountfs
 [ ? ]  umountnfs.sh
 [ ? ]  umountroot
 [ - ]  urandom
 [ - ]  wide-dhcpv6-client
 [ ? ]  xinetd

    Can anyone please point me in the correct direction.

    Samba is completely removed (apt-get purge samba*), so not sure why it would still have port 445 open.

    Pretty sure that is a very basic question, but my research just didn't come up with anything.

    Thank you

    netstat -lnp

    Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 LOCALHOST:53        0.0.0.0:*               LISTEN      1586/named      
tcp        0      0 127.0.0.2:53            0.0.0.0:*               LISTEN      1586/named      
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1586/named      
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1722/sendmail: MTA:
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1586/named      
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      8772/nginx      
tcp        0      0 0.0.0.0:PORT            0.0.0.0:*               LISTEN      1763/sshd       
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      1722/sendmail: MTA:
tcp6       0      0 :::53                   :::*                    LISTEN      1586/named      
tcp6       0      0 ::1:953                 :::*                    LISTEN      1586/named      
tcp6       0      0 :::PORT                 :::*                    LISTEN      1763/sshd       
udp        0      0 LOCALHOST:53        0.0.0.0:*                           1586/named      
udp        0      0 127.0.0.2:53            0.0.0.0:*                           1586/named      
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1586/named      
udp6       0      0 :::53                   :::*                                1586/named      
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     3750021142 1/init              @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     3750023597 1662/saslauthd      /var/run/saslauthd/mux
unix  2      [ ACC ]     SEQPACKET  LISTENING     3750021553 101/udevd           /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     3820548573 6223/python         /var/run/fail2ban/fail2ban.sock
unix  2      [ ACC ]     STREAM     LISTENING     3820548623 6225/gam_server     @/tmp/fam-root-
unix  2      [ ACC ]     STREAM     LISTENING     3750023674 1722/sendmail: MTA: /var/run/sendmail/mta/smcontrol
    • GregL
      GregL about 9 years
      What's the output of netstat -lnp?
    • Chris
      Chris about 9 years
      added the output
    • Chris
      Chris about 9 years
      Sorry, I mistakenly took the output from another server. It is fixed now, but are verified from the nginx reverse proxy

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Can't access SMB shares on Windows but can on Linux
What exactly is insecure about Samba access over the Internet?
Samba does not reload user group members
Differences between Active Directory Server and PDC
How to prevent samba from holding a file lock after a client disconnects?
Why is samba denying me access to my share?
How to configure Samba to allow root user for full control to the particular share?
Using Git with a Samba shared folder
How to get user password expiration date from Active Directory?
smbclient tree connect failed nt_status_bad_network_name when folder exists