
#1 2017-06-21 21:47:52

vesche
Member
Registered: 2016-09-22
Posts: 3

gvfsd-smb-browse creating connections without my knowledge?

At home today I happened to notice something very out of the ordinary when I did a netstat...

tcp        0      0 192.168.1.5:59958     192.168.1.13:139       ESTABLISHED 2879/gvfsd-smb-brow

.5 is my Arch Linux system, and .13 is the only Windows computer in my network. So after seeing this and going wtf... I cracked open Wireshark and filtered for port 139, nothing was happening. So I tried to strace the process to see what it was doing, but it had already died. I did some enumeration on my Windows box, and it didn't seem to be doing anything out of the ordinary. I took a memory dump of my Windows system to look at later, and powered it down.

Why on earth is my Arch system initiating connections over 139 to my Windows computer? I understand that gvfsd-smb-browse is used for browsing Windows file shares... But I don't have any besides the built-in ones.

I wasn't even sure why gvfs is on my system, apparently it was an optional dependency of atom. I went ahead and removed it. God I hate Windows, the only reason I have the brick is to play some video games.

$ sudo pacman -Q | grep gvfs
gvfs 1.32.1-1
gvfs-smb 1.32.1-1
$ sudo pacman -R gvfs-smb
...
$ sudo pacman -R gvfs
checking dependencies...
:: atom-editor-bin optionally requires gvfs
...

Is this even something malicious? Why were these connections being created?

Edit: ALSO, I didn't even have atom open when this was all happening...

Last edited by vesche (2017-06-21 21:56:04)
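As an added example (not part of the original post), one way to catch a short-lived connection like the one in the netstat line above is to poll for sessions to ports 139 and 445 and record the owning process before it exits. The function names and the second and third sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): log TCP sessions to NetBIOS/SMB
# ports (139, 445) with the owning process, using the same netstat output.

# Filter `netstat -tnp` lines on stdin; print "pid name local -> remote state".
smb_conns() {
    awk '
        $1 ~ /^tcp/ && NF >= 7 {
            n = split($5, r, ":")            # foreign address; port is the last piece
            if (r[n] == "139" || r[n] == "445") {
                split($7, p, "/")            # "2879/gvfsd-smb-brow" -> pid, name
                name = (p[2] == "" ? "?" : p[2])   # "-" when run without root
                printf "%s %s %s -> %s %s\n", p[1], name, $4, $5, $6
            }
        }'
}

# Poll once per second so a short-lived helper is recorded before it exits.
# netstat truncates program names, so add the full command line from /proc.
watch_smb() {
    while :; do
        netstat -tnp 2>/dev/null | smb_conns | while read -r pid name rest; do
            cmd=
            [ -r "/proc/$pid/cmdline" ] && cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline")
            printf '%s pid=%s name=%s %s cmd=%s\n' "$(date '+%F %T')" "$pid" "$name" "$rest" "$cmd"
        done
        sleep 1
    done
}

# Constructed sample: the first line is the one quoted in the post, the rest are made up.
sample() {
    cat <<'EOF'
tcp        0      0 192.168.1.5:59958     192.168.1.13:139       ESTABLISHED 2879/gvfsd-smb-brow
tcp        0      0 192.168.1.5:40112     192.168.1.20:443       ESTABLISHED 1501/firefox
tcp        0      0 0.0.0.0:22            0.0.0.0:*              LISTEN      412/sshd
EOF
}
```

Run `watch_smb` as root and leave it running to get a timestamped record with the full command line; `sample | smb_conns` shows the filter on the constructed input.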
