[ubuntu] Ports 445, 139, 135
NIKE.
July 12th, 2009, 04:53 AM
Howdy. I ran a scan at the GRC website and it said all was well, but that I have those 3 ports as CLOSED instead of STEALTH.
I know nothing about security, and all I could find about them was that they are required for Windows related tidbits, however I'm on Ubuntu. It says they are closed, not open, so I figure it is OK, but it still worries me since everything else is STEALTH.
Is this a problem? Do I need to block these ports or do they serve some purpose that I require?
Thanks. :guitar:
sasho_zl
July 12th, 2009, 06:01 AM
Well, those ports should be seen as stealth. What is your firewall configuration? The result of the test means that those ports reject the connection with a message rather than just drop it silently. This is not a security issue but you should configure them to reject as all others.
The Cog
July 12th, 2009, 06:33 AM
No problem. They are closed - they cannot be connected to, there is no service listening on them. Your machine is safe.
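The difference between "closed" and "stealth" discussed in the two replies above, as an added example that is not part of the original thread: a port is open when the handshake completes, closed when the host answers with a reset, and what GRC calls stealth when nothing usable comes back. The function names and the 127.0.0.1 target are assumptions for illustration.

```python
import errno
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP port by how the target answers a connection attempt.

    open     - handshake completed, a service is listening
    closed   - the host answered with a reset (connection refused)
    filtered - no usable answer before the timeout (the packet was dropped
               or an ICMP error came back); GRC labels this "stealth"
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        rc = sock.connect_ex((host, port))
    except socket.timeout:
        return "filtered"
    finally:
        sock.close()
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    return "filtered"

def scan(host, ports, timeout=2.0):
    """Probe several ports and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

if __name__ == "__main__":
    # 127.0.0.1 is a placeholder; use the address of a machine you own.
    for port, state in scan("127.0.0.1", [135, 139, 445]).items():
        print(port, state)
```

Both "closed" and "filtered" mean no service accepted the connection; only "open" indicates something listening.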
sub2007
July 12th, 2009, 07:45 AM
These ports are Windows service ports, used on Linux for file sharing, notably Samba, and are commonly used in port scans and Windows exploits because they're left open on many Windows machines. Linux shouldn't be as vulnerable, but I'd recommend you stealth them if possible. If you don't share files or printers with a Windows network, you can remove or disable Samba, which should close these ports. If you do have Windows computers networked, you can either use a firewall to block WAN traffic to these ports or tweak Samba to ignore WAN traffic.
NIKE.
July 12th, 2009, 07:50 AM
Thanks all. I don't use file-sharing or anything so I'll disable them.
Just feels good knowing my computer is classified as "Stealth". :KS
edit: I didn't have it installed in the first place it turns out. At least not the main Samba..
What else can I do to hide these ports?
The Cog
July 12th, 2009, 09:08 AM
"Stealth" is a marketing term made up by GRC to encourage you to buy their firewall products. Ignore it. If the ports are not open then they cannot be connected to and abused. It's not worth installing a firewall just to stop them from sending a "Go away" response to anyone trying to connect to them. It doesn't help, and you'll only have to open holes in the firewall again if you ever do want to run a service (a torrent client perhaps) that wants to accept incoming connections.
sasho_zl
July 12th, 2009, 09:17 AM
> Thanks all. I don't use file-sharing or anything so I'll disable them.
> Just feels good knowing my computer is classified as "Stealth". :KS
> edit: I didn't have it installed in the first place it turns out. At least not the main Samba..
> What else can I do to hide these ports?
What firewall configuration tool are you using now? I would recommend Shorewall because it is easy to configure and it is a really strong and flexible tool. You can check it out here - http://www.shorewall.net/index.htm
NIKE.
July 12th, 2009, 11:21 AM
Well I'm using Firestarter as the interface, the firewall would be the inbuilt one. I'm connected to a router via Ethernet, but there is a Windows PC in my house that is connected to the same router via wireless connection but not through my PC. I have the most recent Ubuntu distro.
One more thing, what's the deal with Port 136 - why's it open on my machine? I heard somebody at another forum mention that they've never seen it open on a computer before.
The Cog
July 12th, 2009, 11:29 AM
I have no idea. Use sudo netstat -plnt to find the process name and id. Then ps -f <pid> to get the command it was started with.
Hobgoblin
July 12th, 2009, 11:41 AM
> Well I'm using Firestarter as the interface, the firewall would be the inbuilt one. I'm connected to a router via Ethernet,
Then it's the router you need to look at not your PC. Is it your router or does it belong to your ISP?
GRC results should be taken with a pinch of salt anyway.
cariboo907
July 12th, 2009, 04:40 PM
GRC can only test the firewall of your router, the results you got are for your router and not your internal network.
NIKE.
July 12th, 2009, 11:47 PM
How can I find out the security of my internal network?
Sorry for my ignorance, still learning.
cariboo907
July 13th, 2009, 03:00 AM
Personally I prefer to use nmap, which is available in the repositories, but you can use System-->Administration-->Network Tools-->Port Scan.
NIKE.
July 13th, 2009, 06:44 AM
What network address am I meant to put in? I did 127.0.0.1 and it came up with 2 ports.
In devices there is a Loopback Interface (??) and my Ethernet one. The IP in the Ethernet one came up with 1 port. I have NO IDEA what I'm doing, hahaha. :(
XCan
July 13th, 2009, 02:27 PM
What you want to do is to run nmap (or equivalent) from your second PC to your first PC. You can find out your internal network IP by typing 'ifconfig' in terminal, which would probably say something like:
inet addr:192.168.0.100
bodhi.zazen
July 13th, 2009, 02:57 PM
My favorite is lsof :
sudo lsof -i -n -P
Otherwise scan from a second computer on your lan :
nmap -v -A ip_address
I wrote some info on firewalls here:
http://bodhizazen.net/Tutorials/iptables/
Hope it helps (I know it is confusing at first).
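An added example, not part of the original thread, that reads the output of the `sudo netstat -plnt` command suggested earlier and separates loopback-only listeners from those reachable from the LAN. A service bound to 127.0.0.1 answers only on the loopback interface, which is one common reason a scan of 127.0.0.1 shows more ports than a scan of the Ethernet address. The sample output and the function names are constructed for illustration.

```python
# Constructed sample of `sudo netstat -plnt` output (not taken from the thread).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 127.0.0.1:631   0.0.0.0:*        LISTEN  1042/cupsd
tcp        0      0 0.0.0.0:139     0.0.0.0:*        LISTEN  2210/smbd
tcp        0      0 0.0.0.0:445     0.0.0.0:*        LISTEN  2210/smbd
tcp        0      0 127.0.0.1:25    0.0.0.0:*        LISTEN  1500/exim4
tcp6       0      0 :::22           :::*             LISTEN  980/sshd
"""

def parse_listeners(text):
    """Yield one dict per LISTEN line of `netstat -plnt` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # also handles IPv6 such as ":::22"
        # Without root the PID/Program column is just "-".
        pid, _, prog = (fields[6] if len(fields) > 6 else "-").partition("/")
        yield {"addr": addr, "port": int(port), "pid": pid,
               "program": prog or "unknown",
               "loopback": addr.startswith("127.") or addr == "::1"}

def reachable_from_network(text):
    """Listeners bound to a non-loopback address, i.e. visible to a LAN scan."""
    return [l for l in parse_listeners(text) if not l["loopback"]]

def flag_ports(text, ports=(135, 139, 445)):
    """Network-reachable listeners on the ports this thread is about."""
    return [(l["port"], l["program"], l["pid"])
            for l in reachable_from_network(text) if l["port"] in ports]

if __name__ == "__main__":
    for l in parse_listeners(SAMPLE):
        scope = "loopback only" if l["loopback"] else "reachable from network"
        print(f'{l["port"]:>5}  {l["program"]:<8} {scope}')
    print("SMB/RPC listeners:", flag_ports(SAMPLE))
```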
Tuvok41
August 9th, 2009, 01:41 PM
> These ports are Windows service ports, used on Linux for file sharing, notably Samba, and are commonly used in port scans and Windows exploits because they're left open on many Windows machines. Linux shouldn't be as vulnerable, but I'd recommend you stealth them if possible. If you don't share files or printers with a Windows network, you can remove or disable Samba, which should close these ports. If you do have Windows computers networked, you can either use a firewall to block WAN traffic to these ports or tweak Samba to ignore WAN traffic.
When I tried to remove Samba from Synaptic manager, it wanted to remove ubuntu-desktop as well. Is there a way to remove it without removing the desktop? I am not using it as a server but as a desktop, and I sure don't want to lose the GUI!
cariboo907
August 9th, 2009, 03:49 PM
There are some Samba files that are installed by default; they are installed to allow you to connect to a Windows network without having to install any additional software.
They aren't a security risk, as they don't listen on any ports in a default installation.
bodhi.zazen
August 9th, 2009, 11:57 PM
By default samba client is installed and is not a known security risk.
samba client should not open ports though, do you have samba server installed?
Tuvok41
August 10th, 2009, 12:26 AM
> By default samba client is installed and is not a known security risk.
> samba client should not open ports though, do you have samba server installed?
Thank you both for your reply, it is much appreciated.
Yes, it seems so. I don't remember if I did or if it was installed somehow, but I have these smbd (2) and nmbd (1); all will say this: (/usr/sbin/smbd -D) when I hover over it in System Monitor. That wasn't there before and I wanna make sure it is not there. When I try to kill the process it shuts down the System Monitor, and when I start it again the darn process is still there. I never had this problem before, and I don't share my printer or have a Windows comp on my network, so I really don't need it. I would like to remove it completely, if it's possible of course.
BTW I did check the cron.daily. At the moment, since a few days, I am experiencing slowness, and in a thread I saw that these daily jobs can cause slowness. Here it is:
0anacron
apt
debtags
logrotate
samba
tripwire
5snort
aptitude
exim4-base
man-db
slocate
apache2
bsdmainutils
find
mlocate
standard
apport
chkrootkit
find.notslocate.dpkg-new
rkhunter
sysklogd
Someone mentioned that find.notslocate.dpkg-new and man-db are useless and I should remove them. Is there any other in this list I should not be having?
I will look in synaptic manager and search for samba server and will report if it worked.
Edit: OK, I have run the search and a few modules came up, and 4 of them were installed:
libsmbclient
samba
samba-common
smbclient
samba module, I can uninstall without removing anything else
samba-common, it will uninstall, wine, ubuntu-desktop, winbind and smbclient as well
smbclient, it will uninstall ubuntu-desktop only as well
libsmbclient, well it wants to uninstall a lot of stuff, even devede, so I guess this module is really important.
cariboo907
August 10th, 2009, 02:23 AM
Just leave:
libsmbclient
samba-common
smbclient
as they are part of the base install, to completely remove samba server open a terminal and type:
sudo /etc/init.d/samba stop
then in the same terminal type:
sudo apt-get purge samba
This will remove samba and its dependencies. To remove any left over dependencies just in case, in the same terminal type:
sudo apt-get autoremove
Tuvok41
August 11th, 2009, 03:35 PM
> Just leave:
> libsmbclient
> samba-common
> smbclient
> as they are part of the base install, to completely remove samba server open a terminal and type:
> sudo /etc/init.d/samba stop
> then in the same terminal type:
> sudo apt-get purge samba
> This will remove samba and its dependencies. To remove any left over dependencies just in case, in the same terminal type:
> sudo apt-get autoremove
Thanks, all removed now. Everything is much better now, besides some slowness when I use my USB drive, or when some of the cron.daily starts. I will post in the according thread for the daily process I could remove safely. I see this list and I think it is way too much in it to my liking. I guess none were that dangerous, since you never mentioned that one or more of them were not supposed to be there.