By default, Samba accepts connections on any network interface that it finds on your system. That means if you have an ISDN line or a PPP connection to the Internet then Samba will accept connections on those links. This may not be what you want.

You can change this behavior using options like this:

This tells Samba to listen for connections only on interfaces with a name starting with eth such as eth0 or eth1, plus on the loopback interface called lo. The name you will need to use depends on what OS you are using. In the above, I used the common name for Ethernet adapters on Linux.

If you use the above and someone tries to make an SMB connection to your host over a PPP interface called ppp0, then [s]he will get a TCP connection refused reply. In that case, no Samba code is run at all, because the operating system has been told not to pass connections from that interface to any Samba process. However, the refusal helps a would-be cracker by confirming that the IP address provides valid active services.

A better response would be to ignore the connection (from, for example, ppp0) altogether. The advantage of ignoring the connection attempt, as compared with refusing it, is that it foils those who probe an interface with the sole intention of finding valid IP addresses for later use in exploitation or denial of service attacks. This method of dealing with potential malicious activity demands the use of appropriate firewall mechanisms.