Published in CodeX

What are SMB Ports

The SMB (Server Message Block) protocol provides for “client-server communication,” which allows programs and services on networked computers to communicate with one another. File, print, and device sharing are just a few of the network functions enabled by SMB.

History of SMB

During the mid-1990s, Microsoft incorporated SMB in their LAN Manager product, which was initially built by IBM. SMB 1.0 was renamed CIFS (Common Internet File System), and Microsoft published some draft standards to the Internet Engineering Task Force (IETF), though these have now expired.

The early SMB/CIFS implementation had a number of flaws that limited its applicability to managing small files for end users. The protocol was “chatty,” which resulted in poor performance over long distances or when there was a lag between client and server. Around this time, the Samba project was born, with the goal of reverse-engineering the SMB/CIFS protocol and developing an SMB server that would allow MS-DOS clients to access files on Unix machines.

Versions of SMB

SMB 2.0
Microsoft released SMB2 with Windows Vista in 2006. SMB 2.0 had a significant number of improvements over SMB 1.0, particularly in reducing the “chattiness” of the protocol by cutting the number of commands and subcommands from hundreds to nineteen.

The term CIFS became redundant, as it only applied to SMB version 1.0.

SMB2 supported many other improvements such as TCP window scaling and WAN acceleration, opportunistic locking, and a feature known as “pipelining” that enables multiple requests to be queued at the same time.

Performance improvements included larger block sizes, which improved large file transfers. Microsoft introduced “durable file handles,” which allow the connection to an SMB server to survive the brief network failures frequently seen in wireless networks by letting clients transparently reconnect to servers.

SMB 2.1
SMB 2.1 was released alongside Windows 7 and Windows Server 2008, and included minor upgrades.

SMB 3.0
With Windows 8 and Windows Server 2012, SMB 3.0 (also known as SMB 2.2) was released. SMB3 included significant protocol modifications such as the SMB Direct Protocol (SMB over RDMA) and SMB Multichannel (many connections per SMB session), which are meant to improve SMB2 performance, particularly in virtualized data centers.

How Does SMB Work

The SMB protocol establishes communication between clients and servers by sending and receiving request-response messages. This arrangement sets up a file-sharing system in which a user accesses remote data as though it were on their own hard drive. It makes dealing with networked systems all over the world a lot easier.

Other operating systems, such as Unix, Linux, and OS/2, use Samba to connect and provide file-sharing services within a network by speaking the same language as SMB.

What ports are used by SMB protocol?

To provide file and print sharing services within a network, SMB makes use of several ports. The following are all known SMB v2/v3 ports:

  • TCP 445 — SMB over TCP without the need for NetBIOS
  • UDP 137 — SMB over UDP (Name Services)
  • UDP 138 — SMB over UDP (Datagram)
  • TCP 139 — SMB over TCP (Session service)

What are ports 139 and 445?

Port 139

Port 139 is used by the NetBIOS session service. Prior to Windows 2000, most operating systems used TCP 139, with SMB running on top of NetBIOS. NetBIOS, which stands for Network Basic Input/Output System, is a service on the OSI model’s session layer that allows applications to communicate with one another within a local area network (LAN). The port can also be opened to anyone on the internet, but because of security concerns this is not recommended.

Port 445

Simply put, Windows uses port 445 for file sharing across the network. From Windows 2000 forward, Microsoft changed SMB to use port 445. Microsoft directory services, often known as Microsoft-DS, use port 445.

TCP and UDP protocols both use port 445 for numerous Microsoft services. For file replication, user and computer authentication, group policy, and trusts, Microsoft Active Directory and Domain Services use this port. SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, and SrvSvc protocols and services are most likely to be found on these ports.

Is SMB secure?

While different versions of SMB provide differing levels of security and protection, SMBv1 was discovered to have a vulnerability that hackers may exploit to execute their code without the user’s knowledge. When a device becomes infected, it attacks any other devices that are linked to it. In 2017, the National Security Agency (NSA) uncovered the flaw.

EternalBlue was the name of the exploit, which was taken from the NSA and posted online by the Shadow Brokers hacker group. Microsoft did issue a patch to address the vulnerability, but the WannaCry ransomware attack hit the world just a month later.
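One way to see whether SMBv1 is still spoken on a network is to read the first bytes of each message captured on TCP 445 or 139. The following is an added example, not code from the original article: it labels a message as SMBv1 or reports the SMB2/3 dialect a server chose. It also recognises the later 3.0.2 and 3.1.1 dialects, which the article does not cover, and all sample frames are constructed.

```python
import struct

# DialectRevision values carried in an SMB2 NEGOTIATE response (MS-SMB2).
DIALECTS = {0x0202: "SMB 2.0", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
            0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1",
            0x02FF: "SMB 2.x (multi-protocol negotiate, dialect not final)"}

def classify(frame: bytes) -> str:
    """Label one session message as seen on TCP 445 (or TCP 139 over NetBIOS)."""
    # Transport header: 1 type byte (0x00 = session message) + 3-byte length.
    if len(frame) < 4 or frame[0] != 0x00:
        return "not a session message"
    msg = frame[4:4 + int.from_bytes(frame[1:4], "big")]
    if msg[:4] == b"\xffSMB":                       # SMB1 / CIFS header magic
        if len(msg) < 10:
            return "truncated"
        # Flags byte at offset 9; bit 0x80 marks a server reply.
        return "SMBv1 reply" if msg[9] & 0x80 else "SMBv1 request"
    if msg[:4] != b"\xfeSMB":                       # SMB2/3 header magic
        return "not SMB"
    if len(msg) < 64:                               # fixed 64-byte SMB2 header
        return "truncated"
    command, = struct.unpack_from("<H", msg, 12)    # 0 = NEGOTIATE
    flags, = struct.unpack_from("<I", msg, 16)      # bit 0 = server response
    if command == 0 and flags & 1 and len(msg) >= 70:
        dialect, = struct.unpack_from("<H", msg, 68)  # header + 4 body bytes
        return DIALECTS.get(dialect, f"unknown dialect 0x{dialect:04x}")
    return "SMB2/3 (dialect set earlier in the session)"

def wrap(msg: bytes) -> bytes:
    return b"\x00" + len(msg).to_bytes(3, "big") + msg  # add transport header

def smb2_negotiate_response(dialect: int) -> bytes:
    """Constructed sample: SMB2 header plus the first 6 bytes of the body."""
    header = b"\xfeSMB" + struct.pack("<HHIHHI", 64, 0, 0, 0, 1, 1) + bytes(44)
    return wrap(header + struct.pack("<HHH", 65, 1, dialect))

def smb1_message(reply: bool) -> bytes:
    """Constructed sample: 32-byte SMB1 header, command 0x72 (negotiate)."""
    flags = bytes([0x80 if reply else 0x00])
    return wrap(b"\xffSMB\x72" + bytes(4) + flags + bytes(22))

if __name__ == "__main__":
    for f in (smb2_negotiate_response(0x0311), smb1_message(True), b"GET /"):
        print(classify(f))
```

An "SMBv1 request" on its own is not proof of an SMBv1 session, because clients that support SMB2 may open with an SMB1-framed negotiate; an "SMBv1 reply" means the server answered in SMBv1.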

[Figure: WannaCry attack in an airport]

Vulnerabilities of Port 445

[Figure: Popular vulnerabilities on port 445 according to Shodan]

How to Prevent SMB Vulnerabilities?

Patching your system is the best defense against an SMB attack. Attackers will be unable to get access to a patched machine this way, but a huge number of Windows computers have yet to be patched. The March 2017 update from Microsoft patches the Server Message Block vulnerabilities, and applying this fix is one of the best ways to safeguard a system. The fixes are already built in if your system runs Windows 10 or later, which is why most SMB attacks target Windows 7 and earlier. Furthermore, the WannaCry patch can prevent EternalBlue exploits and other similar flaws. These fixes are among the most effective SMB server security solutions available.

As with other things, it is better to have layers of security when protecting yourself from cyberattacks. Apart from the WannaCry and ransomware patches, you can further safeguard your systems by restricting SMB access from the internet, blocking SMB on offsite computers when they are in public areas, and removing SMB if it’s not needed. These easy measures can help protect your system from SMB exploits.
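To check a host against the port list above and the advice to keep SMB away from the internet, the following added example (not from the original article) parses `netstat -ano` output and reports SMB listeners and SMB connections whose peer lies outside the internal ranges. The sample output and the `INTERNAL` ranges are assumptions made for the example.

```python
import ipaddress

# (protocol, port) pairs from the port list in this article.
SMB_PORTS = {("TCP", 445), ("TCP", 139), ("UDP", 137), ("UDP", 138)}
# Assumption: these ranges count as internal; substitute your own address plan.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample (`netstat -ano` layout); public peers use documentation ranges.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING       4
  TCP    10.0.0.5:445           10.0.0.23:50112        ESTABLISHED     4
  TCP    10.0.0.5:445           203.0.113.77:61022     ESTABLISHED     4
  TCP    10.0.0.5:49733         198.51.100.9:445       ESTABLISHED     4
  UDP    10.0.0.5:137           *:*                                    4
"""

def endpoint(text):
    """Split 'host:port' (IPv6 hosts are bracketed) into (host, port)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), port

def is_internal(host):
    ip = ipaddress.ip_address(host)
    return any(ip in net for net in INTERNAL)

def audit(netstat_text):
    """Return (kind, proto, port, host) for SMB listeners and external peers."""
    findings = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] not in ("TCP", "UDP"):
            continue
        proto, (lhost, lport), (rhost, rport) = cols[0], endpoint(cols[1]), endpoint(cols[2])
        state = cols[3] if proto == "TCP" else "BOUND"  # UDP rows have no state
        if state in ("LISTENING", "BOUND") and (proto, int(lport)) in SMB_PORTS:
            findings.append(("listening", proto, int(lport), lhost))
        elif state == "ESTABLISHED" and not is_internal(rhost):
            if (proto, int(lport)) in SMB_PORTS:    # this host is the server
                findings.append(("inbound-external", proto, int(lport), rhost))
            elif (proto, int(rport)) in SMB_PORTS:  # this host is the client
                findings.append(("outbound-external", proto, int(rport), rhost))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Any `inbound-external` or `outbound-external` finding means SMB traffic is crossing the network boundary and the firewall rules for ports 445 and 139 should be reviewed.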

Finally, vulnerability scanning and Managed Detection and Response services can help your system avoid and identify SMB attacks and other cyberattacks.

source: https://socradar.io/what-are-smb-ports/

Oguzhan Ozturk


https://www.linkedin.com/in/oguzhanoz7urk/
