I just installed Firestarter on my machine, got it up and running and found that there was a Microsoft-ds service trying to get into my system on port 445.

Anyone know what Microsoft-ds is ? are those guys at redmond trying to peak at what software I have on my PC again ? Not that it matters now I am a complete GNU convert :)

Port 445 is a very active port on machines running Win2k and newer. It is used for the same functions that port 139 was used for on NT 4 and Win9x machines. This was basically NetBIOS over TCP/IP and SMB/CIFS traffic.
Win2k and newer can also still use port 139 and most often use both ports 139 and 445.
Ports 445 and 139 are used for TCP session establishment and file/printer sharing traffic. Port 445 is also used for communications between Win2k domain controllers and other servers. I'm pretty sure that Microsoft-ds, or ms-ds as you'll also see it, refers to directory services.

If you map a drive to a Win2k/XP machine that isn't using NetBIOS over TCP/IP, you'll connect via port 445.

If that interface the firewall is running on is facing the Internet, it's unlikely it's a Microsoft machine that's accessing port 445 during the normal course of business. More than likely it's someone probing port 445 to see what interesting things they can learn about your machine or network. Since you're not running anything Microsoft, port 445 is more than likely an empty, boring port.

Thanks for the description. You're right I'm 100% Linux on my box, and it is just a single box connected to the internet. I have been playing around with Samba though with a view of adding another machine to a small home network. So far I just have the hub and the one box though.

Would samba use the same port as windows would ?

Samba will use ports 137, 138 and 139. I don't beleive Samba uses port 445 yet. It still relies on NetBIOS over TCP/IP.

If you do install Samba, it's very easy to configure it so it only listens on your internal NIC. It should not be listening on the port that faces the Internet.

Of course, if you install Samba on a separate machine from your Firewall, then there's no problem. The way your firewall is configured right now would probably protect it. If you're running NAT on your firewall for your internal network, that's even better.

Thanks for all the sound advice.

Just one last thing though, and this probably seems like a really daft question, but what is NAT ?

Network Address Translation.

;)