SMB service is running on port 445 / Why / What process
"smb 445 tcp filtered" does not mean that something is listening on port 445. From the nmap man page:
Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed.
Chris
Updated on September 18, 2022
-
Chris almost 2 years
I am currently trying to 'harden' all my servers, starting by turning off all services I don't need.
This one is a nginx reverse proxy and metasploit says smb 445 tcp filtered http://gyazo.com/6adcdcf4982801f481b8338d913545bb
But I can't find any service running on this port: service --status-all
[ + ]  bind9
[ - ]  bootlogs
[ ? ]  bootmisc.sh
[ ? ]  checkfs.sh
[ ? ]  checkroot-bootclean.sh
[ - ]  checkroot.sh
[ + ]  cron
[ + ]  fail2ban
[ - ]  fetchmail
[ - ]  hostname.sh
[ ? ]  hwclock.sh
[ - ]  kbd
[ - ]  keymap.sh
[ ? ]  killprocs
[ ? ]  kmod
[ ? ]  modules_dep.sh
[ - ]  motd
[ ? ]  mountall-bootclean.sh
[ ? ]  mountall.sh
[ ? ]  mountdevsubfs.sh
[ ? ]  mountkernfs.sh
[ ? ]  mountnfs-bootclean.sh
[ ? ]  mountnfs.sh
[ ? ]  mtab.sh
[ ? ]  networking
[ + ]  nginx
[ ? ]  plymouth
[ ? ]  plymouth-log
[ - ]  procps
[ - ]  quota
[ - ]  quotarpc
[ ? ]  rc.local
[ - ]  rmnologin
[ - ]  rpcbind
[ - ]  rsync
[ + ]  rsyslog
[ + ]  saslauthd
[ ? ]  screen-cleanup
[ + ]  sendmail
[ ? ]  sendsigs
[ + ]  ssh
[ - ]  sudo
[ - ]  udev
[ ? ]  udev-mtab
[ ? ]  umountfs
[ ? ]  umountnfs.sh
[ ? ]  umountroot
[ - ]  urandom
[ - ]  wide-dhcpv6-client
[ ? ]  xinetd
Can anyone please point me in the correct direction.
Samba is completely removed (apt-get purge samba*), so not sure why it would still have port 445 open.
Pretty sure that is a very basic question, but my research just didn't come up with anything.
Thank you
netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 LOCALHOST:53            0.0.0.0:*               LISTEN      1586/named
tcp        0      0 127.0.0.2:53            0.0.0.0:*               LISTEN      1586/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1586/named
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1722/sendmail: MTA:
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1586/named
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      8772/nginx
tcp        0      0 0.0.0.0:PORT            0.0.0.0:*               LISTEN      1763/sshd
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      1722/sendmail: MTA:
tcp6       0      0 :::53                   :::*                    LISTEN      1586/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      1586/named
tcp6       0      0 :::PORT                 :::*                    LISTEN      1763/sshd
udp        0      0 LOCALHOST:53            0.0.0.0:*                           1586/named
udp        0      0 127.0.0.2:53            0.0.0.0:*                           1586/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1586/named
udp6       0      0 :::53                   :::*                                1586/named
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node     PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     3750021142 1/init               @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     3750023597 1662/saslauthd       /var/run/saslauthd/mux
unix  2      [ ACC ]     SEQPACKET  LISTENING     3750021553 101/udevd            /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     3820548573 6223/python          /var/run/fail2ban/fail2ban.sock
unix  2      [ ACC ]     STREAM     LISTENING     3820548623 6225/gam_server      @/tmp/fam-root-
unix  2      [ ACC ]     STREAM     LISTENING     3750023674 1722/sendmail: MTA:  /var/run/sendmail/mta/smcontrol
-
GregL about 9 years: What's the output of netstat -lnp?
Chris about 9 years: added the output
-
Chris about 9 years: Sorry, I mistakenly took the output from another server. It is fixed now, but are verified from the nginx reverse proxy
-
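The check the answer implies, as an added example that is not part of the original thread: look for a local listener on the scanned port in `netstat -lnp` output, and if there is none, read nmap's `filtered` as a filter dropping the probes rather than as a running service. The function names are hypothetical, and the sample rows are excerpted from the output posted in the question.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Rows excerpted from the netstat -lnp output posted in the question.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 127.0.0.1:53    0.0.0.0:*        LISTEN  1586/named
tcp        0      0 0.0.0.0:443     0.0.0.0:*        LISTEN  8772/nginx
tcp6       0      0 :::53           :::*             LISTEN  1586/named
udp        0      0 127.0.0.1:53    0.0.0.0:*                1586/named
EOF
}

# listeners_on_port PORT: read netstat -lnp output on stdin and print
# "proto local-address pid/program" for each socket bound to PORT.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, a, ":")       # port is the last ":"-separated field
            if (a[n] != port) next
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            # UDP rows have no State column, so the program is one field earlier
            print $1, $4, (($1 ~ /^tcp/) ? $7 : $6)
        }'
}

# interpret_scan STATE PORT: combine the state the scanner reported with
# the local listener list (netstat -lnp output on stdin).
interpret_scan() {
    found=$(listeners_on_port "$2")
    if [ -n "$found" ]; then
        echo "listener on $2: $found"
    elif [ "$1" = "filtered" ]; then
        echo "no listener on $2; probes are being dropped by a filter"
    else
        echo "no listener on $2"
    fi
}

# On a live host: netstat -lnp | interpret_scan filtered 445
sample_netstat | interpret_scan filtered 445
```

Run netstat as root so the PID/Program name column is populated for sockets owned by other users.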