reading 05 - OddGarden/Ops201-Reading-Notes GitHub Wiki

UpGuard: What is an SMB Port + Ports 445 and 139 Explained

SMB stands for Server Message Block. It is the protocol a client and a server use to talk to each other for shared access to files, printers, serial ports and other data, and it also carries the authentication for that access.

How Does SMB Protocol work:

The client sends a request to the server and the server answers it, which makes SMB a request-response protocol. Once a session is established (and the user has authenticated), the client can open, read, move, create and update files on the server as if they were local.

SMB was originally designed to turn local file access (DOS file calls) into access to a networked file system.

CIFS (Common Internet File System) runs over TCP on port 445. It was an attempt to add features to the SMB protocol, such as symbolic links, hard links and large files, while running directly over TCP without needing NetBIOS as a transport. CIFS turned out to be "chatty" (many round trips per operation), which caused network performance problems, especially over slow links.

SMB continues to be refined. SMB 3.x (3.0 and later, up to 3.1.1) adds functionality, better performance and security enhancements such as encryption and signing of the session.

What are the SMB Protocol Dialects?

After the initial SMB protocol was created, different dialects (versions) sprang up to meet constantly changing network requirements.

SMB 1.0 (1983)

The original protocol, created by IBM for the specific purpose of file sharing in DOS.

It introduced opportunistic locking (oplocks), a client-side caching mechanism designed to reduce network traffic. Caching is temporary storage of frequently accessed data; it reduces the need to fetch the same data from the server every time.

Samba (1992)

An open-source implementation of the SMB protocol (and, in later versions, of Microsoft Active Directory domain services) for Unix/Linux systems and distros.

It supports file sharing, print services, authentication/authorization, name resolution and service announcements between Linux/Unix servers and Windows clients.

CIFS (1996)

It added features to the existing SMB protocol such as sharing larger files, symbolic links, hard links and transport directly over TCP.

Netsmb (2004)

Designed for the BSD (Berkeley Software Distribution) family of open-source Unix-like operating systems.

Netsmb is the in-kernel SMB client used by those systems. Reference: the Netsmb manual pages.

SMB 2.0, 2.1, 3.0, 3.02, 3.1.1

All released by Microsoft between 2006 and 2015.

Each version adds performance improvements, scalability, security, resilience, backup, availability and management features on top of the previous one.

Tuxera SMB (2009)

A proprietary SMB implementation built to run in either kernel space or user space, depending on the product it is embedded in.

Likewise (2009)

Provides a multiprotocol (it speaks more than one file-sharing protocol, not just SMB), identity-aware platform for network access to files in OEM (Original Equipment Manufacturer) storage products built on Linux/Unix-based platforms.

MoSMB (2012)

A proprietary SMB implementation for Linux/Unix to support SMB 2.x and SMB 3.x.

What are Ports 139 and 445?

For two computers to communicate, a service has to be listening on an open port. SMB typically uses ports 139 and 445.

Port 139 carries SMB over the NetBIOS session service, i.e. SMB dialects that rely on NetBIOS as their transport. This is the older way Windows shared files, printers and serial ports on a LAN.

Port 445, on the other hand, carries SMB directly over TCP/IP with no NetBIOS layer, so a client can reach a share by IP address alone. That is also why an exposed 445 is reachable straight from the internet.

Are Open Ports Dangerous?

Anything connected to the internet can have issues. To check whether a port is open (i.e. a service is listening on it), use the netstat command.

An open port is necessary to communicate; it becomes a security risk when the service listening on that port is misconfigured, unpatched, vulnerable to exploits, or reachable because of poor network security rules.
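As an added example (not part of the UpGuard article), here is a small POSIX shell script that reads Linux-style `netstat -an` output and reports which SMB ports are listening and whether any of them is bound to a non-loopback address, which is the case that actually matters for exposure. The netstat output below is constructed for the example so it runs offline; in practice you would pipe in real `netstat -an` output. The function names `smb_listeners` and `smb_exposed` are my own.

```shell
#!/bin/sh
# Added example, not from the UpGuard article: find listening SMB ports in
# Linux-style `netstat -an` output and flag those bound to a non-loopback address.

SMB_PORTS="139 445"

# Constructed sample of `netstat -an` output (not captured from a real host).
# Replace with:  netstat -an | smb_exposed
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:139           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:445        192.168.1.55:51234      ESTABLISHED'

# Read netstat output on stdin and print "<port> <local address>" for every
# TCP socket in LISTEN state on one of the SMB ports.
smb_listeners() {
    awk -v ports="$SMB_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4; sub(/:[0-9]+$/, "", addr)   # local address without the port
            port = $4; sub(/.*:/, "", port)        # the port alone
            if (port in want) print port, addr
        }'
}

# Exit 0 if any SMB port listens on a non-loopback address (exposed to the
# network), exit 1 otherwise. A loopback-only bind is not treated as exposed.
smb_exposed() {
    smb_listeners | awk '
        $2 != "127.0.0.1" && $2 != "::1" { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Stand-alone run against the constructed sample.
if printf '%s\n' "$SAMPLE_NETSTAT" | smb_exposed; then
    echo "SMB is listening on a non-loopback address:"
    printf '%s\n' "$SAMPLE_NETSTAT" | smb_listeners
else
    echo "no SMB port is exposed beyond loopback"
fi
```

The parser keys on the column layout of `netstat -an` on Linux (state in the last column, local address in the fourth); `ss -lnt` and Windows `netstat -an` print different columns, so adjust the field numbers before reusing it there. An established connection to 445 (last sample line) is deliberately ignored: it tells you a client is using the share, not that the server is listening.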

How to Keep Ports 139 and 445 Secure

  • Avoid exposing SMB ports. Ports 135-139 and 445 have never been safe to expose, so never make them reachable from the public internet.
  • Patch everything. Most mass exploitation of SMB targets already-patched bugs on hosts that were never updated.
  • No single point of failure. Keep a secondary copy (backup) of everything that matters, so a compromised file server is a recovery job and not a loss.
  • Use a firewall or endpoint protection. Most solutions include a blocklist of known attacker IP addresses and the ports they most often hit.
  • Use a Virtual Private Network (VPN). A VPN encrypts and protects network traffic, so SMB can stay on the internal network and still be reached remotely.
  • Implement Virtual Local Area Networks (VLANs). It is always a good idea to segment internal network traffic so a compromised host cannot reach every file server.
  • Use MAC address filtering. This can keep unknown systems off the network, but MAC addresses are trivial to spoof, so treat it as a speed bump rather than a control.
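As an added example (not from the UpGuard article), here is an nftables ruleset that applies the first two bullets on a Linux file server: SMB and NetBIOS are reachable only from an assumed internal subnet (192.168.1.0/24, a placeholder), and anything else aimed at those ports is logged and dropped. The subnet and the SSH port left open for management are assumptions for the example.

```nft
#!/usr/sbin/nft -f
# Added example, not from the UpGuard article. Assumes the LAN is 192.168.1.0/24
# and that SSH on 22 is the only other service that should stay reachable.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # SMB direct over TCP (445) and SMB over NetBIOS session service (139),
        # accepted only from the internal subnet
        ip saddr 192.168.1.0/24 tcp dport { 139, 445 } accept
        # NetBIOS name and datagram services, same restriction
        ip saddr 192.168.1.0/24 udp dport { 137, 138 } accept

        # Anything else hitting the SMB/NetBIOS ports: log it, count it, drop it
        tcp dport { 139, 445 } log prefix "smb-blocked: " counter drop
        udp dport { 137, 138 } log prefix "netbios-blocked: " counter drop

        # Management access (assumed SSH) stays open
        tcp dport 22 accept
    }
}
```

Load it with `nft -f smb.nft` after checking the syntax with `nft -c -f smb.nft`. The explicit log-and-drop rules for the SMB ports are redundant with `policy drop`, but they give you a counter and a log line per blocked attempt, which is the quickest way to confirm the rule is doing something and to spot scanning.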

Things I want to know more about

  • What is DOS INT 21h?
  • What is NetBIOS?
  • What is a LAN Manager?
  • Learn to use the netstat command to check if a port is open