Re: can I enable SAMBA client in firewall



mjb wrote:

Hi
It would appear that samba is not running on the device...???? as there
is no smb protocol, just ms browsing on port 137.

I have a couple of wireshark captures (screen snapshots) here of
opensuse 10.2 and sled 10 connecting to my smb device.

http://homepages.ihug.co.nz/~figjam59/smb_connect_opensuse10_2.jpg
http://homepages.ihug.co.nz/~figjam59/smb_connect_sled.jpg


The device I'm using is this;


http://www.adstech.com/products/NAS-806-EF/intro/NAS_806_intro.asp?pid=NAS-806-EF

It you run nmap from your computer to the device, what ports are open
on it?

e.g;

malcolml@oscar-vm-suse-10-2:~> nmap 192.168.10.50

Starting Nmap 4.20 ( http://insecure.org ) at 2007-01-02 23:25 CST
Interesting ports on 192.168.10.50:
Not shown: 1693 closed ports
PORT STATE SERVICE
21/tcp open ftp
24/tcp open priv-mail
139/tcp open netbios-ssn
445/tcp open microsoft-ds

Nmap finished: 1 IP address (1 host up) scanned in 7.691 seconds
malcolml@oscar-vm-suse-10-2:~>


Malcolm,

Thanks for your help so far,

My file server looks similar to yours:
http://www.ciao.co.uk/Buffalo_LinkStation_HD_HG300LAN__6271616
However the port numbers look completely different (see below).

I have been searching on the web for information about the unknown 862/tcp
port but I can't find anything.
There is no 445/tcp microsoft-ds port setup on my network.
I tried running nmap 3 times, once with the firewall enabled, once with
the firewall disabled and once when with a connection established from
Konqueror to the buffalo device and the output was the same in each case.

Any idea what is happening here? I would be very embarrassed if it was
running a different protocol than I thought. But if so why do I connect to
it with smb://hd-hglan82c/share/

suse102:/home/martin # nmap 192.168.0.4
Starting Nmap 4.20 ( http://insecure.org ) at 2007-01-04 16:12 GMT
Interesting ports on 192.168.0.4:
Not shown: 1690 closed ports
PORT STATE SERVICE
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
515/tcp open printer
548/tcp open afpovertcp
862/tcp open unknown
8080/tcp open http-proxy
MAC Address: 00:0D:0B:99:48:2C (Buffalo)
Nmap finished: 1 IP address (1 host up) scanned in 13.379 seconds
suse102:/home/martin #


Martin
Hi Martin
Looks like it's only using netbios for the shares. Are you running the
latest firmware, it may have some new features.

http://site2.buffalotech.com/support/downloads-product2.php

I would guess those other ports may be used for the mac sharing.

Try using the knetattach application to connect to a win share.

--
Cheers Malcolm °¿° (Linux Counter #276890)
SLED 10.0 x86_64 Kernel 2.6.16.27-0.6-smp
up 5 days 18:15, 2 users, load average: 0.17, 0.30, 0.27

.



Relevant Pages

  • Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second
    ... When Nmap (or many ... > other applications, such as Telnet) does a connectcall, the OS is ... > supposed to choose a good souce port to bind to for the connection. ... I saw a familiar "Connection reset by peer" every time the random port ...
    (Incidents)
  • Re: Yes, trying to hack a remote control
    ... I attempted a telnet into that port, and it asked for a username/pass, ... and then upload a modified firmware to the remote. ... The latest versions of nmap have a feature whereby you can run scans ...
    (Security-Basics)
  • Re: how nmap can know my firewalled servers ?
    ... UDP or ICMP protocol), it will mark the port as closed. ... descrition, how NMAP determins, if the UDP port is open or closed. ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ...
    (Security-Basics)
  • Re: FW: baby pen-test question
    ... I ALWAYS do an nmap sweep of varying degrees. ... As for testing a large network, I primarily base my efforts on the mission ... My first question is about port scanning. ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: Help understanding NMAP results
    ... >to do with IT) but I have been playing with old computers and Linux in my ... and is set to default DROP any packets ... Went over to a friend's house, and ran an NMAP scan against myself ... You could listen on that port and see what traffic is passing when you ...
    (Security-Basics)