KDE and it's SAMBA is a Security Risk , Not really

First thing I really dig the Manjaro set up. I mean hell you can pretty much do whatever you want to do. That being said,
KDE has the practice of mounting user/ share folder (and God knows what else) in their samba app. Posting up on Port 135-137 UDP is just asking for someone to breach my network especially as it's done in the most sneakiest way. I have tried to stop the sharing by blocking those ports with firewalls to no avail. Creating a "fake network" folder which resulted in pages of logs about improper symbolic links. . If you want my info for what ever reason how about corresponding and using a more secure upfront way to harvest user data. .

Then you’re doing it wrong. Read both the links below and try again.

https://wiki.archlinux.org/index.php/Uncomplicated_Firewall

https://wiki.archlinux.org/index.php/Iptables

6 Likes

I don't see the share on those ports and I'm using KDE!

Firewalld and iftables is also a good alternative. But yeah, I agree. If ports are open despite the firewall, then it is either not installed, not enabled or misconfigured.

Bro done that. Even moved to firewalld etc. UFw wouldn't automatically start back up on reboot like it's supposed to. Top it off whenever I try making a rule blocking samba Dan ole thing freezes up and shuts down . I could log in as Linus himself and it would work. I mean I just wanna block Port 23 135 and 137 , limit 443-,445 and block 3389 and RDP.

Mbb it's there. Check your logs closer.

Something ain't right. I'm no expert but I ain't no rookie either. Unless I have some other problems .

The usual policy with firewalld is to block everything and open only the ports you need.

Can you post the output of

systemctl status firewalld
firewall-cmd --list-all
ss - lntp

@mbb me either, I probed all the above mentioned ports and service protocols specifically and also ran the tests available at Gibson Research Shields Up! All ports are stealthed, no connections could be established at all. I guess it depends if your router has a decent firewall or not too.

1 Like

This is a problem in kde but easily remedied by enabling the service

sudo systemctl enable ufw

sudo systemctl start ufw

It should now be enabled on boot. You can check this by running

sudo systemctl status ufw

Or

sudo ufw status verbose

1 Like

Its not really a KDE problem .. its a UFW and GUFW problem .. they for some reason dont interact with systemd or polkit properly. I'm pretty sure you still need to hack GUFW to even get it to start.

1 Like

Where? Please tell me how to find it. Post your findings. It would help us understand the issue better. And what you mean by kde samba app? What version of kde are you using?

Ok so I just nuked it. Reinstalled with XFCE instead of KDE and gufw is working like it's supposed to. Weird...but as an afterthought I decided to check my router and I might have had other problems. It was set to low security somehow. My ISP just gave me a firmware update. Sooo yes..I might have to take my rant back

1 Like

It's called knetattach

I don't see it running, but it is installed.

EDIT: UFW works because when I use it I always forget to turn it off and then I have problems connecting from my desktop.

If your ISP will not allow you to use your own hardware and insist on using their equipment, I’d suggest you still buy your own and place it between your home network and the ISP hardware. Using the ISP hardware as nothing more than a modem.

That way you can keep your home network “safe” regardless of the typically crap hardware ISPs tend to give out to customers.

4 Likes

The thing is the ISP's router settings don't matter for the software firewall. If UFW was set to block those ports, they should be closed.

I know I like gufw and ufw. Never had any problems with it before. That's what made me start investigating is the fact that every time I looked gufw was off so ufw status was disabled. . never had that happen before. Just kinda set it and forget it

Not only was it shutting down but whenever I tried blocking those specific ports gufw and ufw both would freeze my whole computer up.

Forum kindly sponsored by