SMB is short for Server Message Block.
SMB is very familiar to us. It is a protocol used by Windows operating systems. SMB provides many Windows-related services over the network and is mainly used for file sharing.
SMB Port 139 or 445
Newcomers to the Windows ecosystem generally confuse the port numbers of SMB. The SMB service is provided over two ports.
- TCP port 139 is SMB over NetBIOS. NetBIOS is a transport layer protocol designed for use by Windows operating systems over the network.
- TCP port 445 is SMB over IP. This is the newer version, where SMB can be used directly over an IP network.
Check If Ports 137, 138, 139 and 445 Are Open
If we want to check whether ports 137, 138, 139 and 445 are open, we can use the netstat command. It lists open ports for the TCP and UDP protocols.
As we can see from the example, TCP 445 is open and in listening mode, which means this system will accept connections to port 445.
SMB Over Netbios
The NetBIOS protocol actually works on TCP 139, UDP 137 and UDP 138. So if we have a secure network that prevents access to remote hosts, we should add a firewall rule that allows TCP and UDP 137-139. As an example, we should provide the NetBIOS hostname, which is generally the same as the hostname provided by DNS/DHCP. In this example we will connect to the remote share named backup, which is provided by host
Here we should provide the hostname by which NetBIOS can find and connect to the remote system.
SMB Over IP
SMB over IP is the newer implementation of SMB. In this implementation we do not need an extra intermediate protocol like NetBIOS; we can use SMB directly. As an example, we can use an IP address in order to use SMB for file sharing.
is sufficient to connect to the remote SMB share and port over the network.
As the Windows operating system and its protocols are a main target for attackers, we may need to create countermeasures against attacks. There are threats like
- NetBIOS worms, which can spread silently over the network
- PsExec, a tool used to remotely manage Windows systems
- SMB vulnerabilities, which pose a threat to systems
We can prevent these threats by blocking SMB port access between networks or server groups where it is not needed.
SMB1, SMB2, SMB3
The SMB protocol has 3 versions, of which SMBv3 is the latest. While SMB1 supports NetBIOS, SMB2 and SMB3 are only supported over IP, which is TCP 445.
Operating System Support
While SMB was created by IBM, it has mainly been developed by Microsoft. SMB is an open protocol, which means other platforms can implement SMB freely. Linux supports the SMB protocol too.