At home today I happened to notice something very out of the ordinary when I did a netstat...
tcp 0 0 192.168.1.5:59958 192.168.1.13:139 ESTABLISHED 2879/gvfsd-smb-brow
.5 is my Arch Linux system, and .13 is the only Windows computer in my network. So after seeing this and going wtf... I cracked open Wireshark and filtered for port 139; nothing was happening. So I tried to strace the process to see what it was doing, but it had already died. I did some enumeration on my Windows box, and it didn't seem to be doing anything out of the ordinary. I took a memory dump of my Windows system to look at later, and powered it down.
Why on earth is my Arch system initiating connections over 139 to my Windows computer? I understand that gvfsd-smb-browse is used for browsing Windows file shares... But I don't have any besides the built-in ones.
I wasn't even sure why gvfs is on my system; apparently it was an optional dependency of atom. I went ahead and removed it. God, I hate Windows; the only reason I have the brick is to play some video games.
$ sudo pacman -Q | grep gvfs
gvfs 1.32.1-1
gvfs-smb 1.32.1-1
$ sudo pacman -R gvfs-smb
...
$ sudo pacman -R gvfs
checking dependencies...
:: atom-editor-bin optionally requires gvfs
...
Is this even something malicious? Why were these connections being created?
Edit: ALSO, I didn't even have atom open when this was all happening...
Last edited by vesche (2017-06-21 21:56:04)
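An added example, not part of the original post: a shell function that filters `netstat -tnp` output for established connections to a peer on port 139 (and 445, the direct SMB port, which the post does not mention) and reports the owning PID and program, so that a short-lived process like the one described above can be logged from a polling loop before it exits. The names `smb_conns` and `sample_netstat` are hypothetical, and every sample line except the first is constructed.

```shell
#!/bin/sh
# Added example: report which local processes hold TCP connections to
# NetBIOS session (139) or SMB (445) ports, from `netstat -tnp` output.
# smb_conns is a hypothetical helper name; it reads netstat lines on stdin.
smb_conns() {
    awk '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        # Foreign address is field 5; the port follows the last colon
        # (works for IPv4 and for IPv6 addresses as netstat prints them).
        n = split($5, parts, ":")
        port = parts[n]
        if (port != "139" && port != "445") next
        # Field 7 is "PID/Program name"; netstat truncates the name,
        # and prints "-" when it cannot see the owner (not run as root).
        pid = "-"; prog = "-"
        slash = index($7, "/")
        if (slash > 0) {
            pid = substr($7, 1, slash - 1)
            prog = substr($7, slash + 1)
        }
        printf "%s -> %s pid=%s prog=%s\n", $4, $5, pid, prog
    }'
}

# Constructed sample input: the first line is the one from the post,
# the others are made up to show what gets filtered out.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 192.168.1.5:59958 192.168.1.13:139 ESTABLISHED 2879/gvfsd-smb-brow
tcp 0 0 192.168.1.5:22 192.168.1.20:51234 ESTABLISHED 812/sshd
tcp 0 0 192.168.1.5:40112 192.168.1.13:445 TIME_WAIT -
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 701/smbd
EOF
}

# Live use (needs root to see PIDs owned by other users), once a second:
#   while sleep 1; do netstat -tnp 2>/dev/null | smb_conns; done
sample_netstat | smb_conns
```

Because netstat truncates the program name, the reported PID can be resolved to the full binary path with `readlink /proc/<pid>/exe` while the process is still alive.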