Re: is it rational to close the 139 port

To: debian-user@lists.debian.org
Subject: Re: is it rational to close the 139 port
From: Joe <joe@jretrading.com>
Date: Sun, 22 Jul 2012 10:18:16 +0100
Message-id: <[🔎] 20120722101816.4e778926@jretrading.com>
In-reply-to: <[🔎] CAG9cJmnJQeibQHRnWOShWwxgEdo-=r6oe4RPjciv5AFh1X92WQ@mail.gmail.com>
References: <[🔎] CAG9cJmmyF4Hi5aKjdzOX8NXew2LVbpNyu0aSDytCjZ9AsB961Q@mail.gmail.com> <[🔎] 500BAD78.40209@hardwarefreak.com> <[🔎] CAG9cJmmv9LBvryOJSSJv6LY3TkLO70L84rSG9B5ZN0DRvh43RA@mail.gmail.com> <[🔎] 20120722074949.GW4753@sid.nuvreauspam> <[🔎] CAG9cJm=Et-8iCkRgvri3S2M9P_YWWXtj0E-3r0uBwjLUDr8oQg@mail.gmail.com> <[🔎] 20120722093526.269af5fe@jretrading.com> <[🔎] CAG9cJmnJQeibQHRnWOShWwxgEdo-=r6oe4RPjciv5AFh1X92WQ@mail.gmail.com>

On Sun, 22 Jul 2012 16:44:13 +0800
lina <lina.lastname@gmail.com> wrote:

> 
> Checked, now only 22 80 open with 443 closed.
> another thing is that the nmap can scan my MAC address correctly.
> is it bad? (I guess I will feel comfortable if the MAC address is
> hidden)
> 

All network communication is actually based on MAC addresses, if it
can't be seen, you can't talk.

Try arp -a as root to see what other computers yours has recently
talked to. A cache is kept to speed things up, but only for a few
minutes, otherwise your computer has to broadcast to look up a link
between IP address and MAC.

If you have a rainy afternoon to while away, install Wireshark and have
a play with it. Try various network connections while a capture is
running, and play with the filtering. One day you will need to use it
in anger.

Here is a fragment of a capture showing my workstation trying to find
the server using the ARP protocol. It hasn't connected for a time, so
the server isn't in its cache:

No.  Time  Source  Destination Protocol Length Info 

5 5.007111000    Giga-Byt_xx:xx:xx Hewlett-_xx:xx:xx ARP 42
Who has 192.168.99.3?  Tell 192.168.99.101

6 5.007315000    Hewlett-_xx:xx:xx Giga-Byt_xx:xx:xx ARP 60
192.168.99.3 is at xx:xx:xx:xx:xx:xx

Sorry about the wrap, but email isn't designed for this sort of thing.
Note that the first half of the MAC is a vendor ID, and Wireshark
decodes it.

-- 
Joe

Reply to:

Follow-Ups:
- Re: is it rational to close the 139 port
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: is it rational to close the 139 port
  - From: lina <lina.lastname@gmail.com>

References:
- is it rational to close the 139 port
  - From: lina <lina.lastname@gmail.com>
- Re: is it rational to close the 139 port
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: is it rational to close the 139 port
  - From: lina <lina.lastname@gmail.com>
- Re: is it rational to close the 139 port
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: is it rational to close the 139 port
  - From: lina <lina.lastname@gmail.com>
- Re: is it rational to close the 139 port
  - From: Joe <joe@jretrading.com>
- Re: is it rational to close the 139 port
  - From: lina <lina.lastname@gmail.com>

Prev by Date: Re: is it rational to close the 139 port
Next by Date: Re: is it rational to close the 139 port
Previous by thread: Re: is it rational to close the 139 port
Next by thread: Re: is it rational to close the 139 port
Index(es):
- Date
- Thread