SMB (Server Message Block) ports are network communication endpoints used by the SMB protocol to facilitate file and printer sharing, as well as other network services, primarily on Windows networks. Think of it as the language your devices use to communicate and collaborate in a local network.
The default SMB ports are port 445 (TCP) for SMB over TCP/IP and port 139 (TCP) for SMB over NetBIOS. Securing SMB ports is crucial for maintaining network security and preventing unauthorised access, data breaches, and malware propagation.
What are SMB port numbers?
In a Windows networking environment, SMB relies primarily on two TCP ports:
- Port 445 (TCP)
- Port 139 (TCP)
Port 445 (TCP)
Port 445 is the default port used by modern versions of the SMB protocol (SMB 2.0 and later) for direct SMB communication over TCP/IP. This port enables file and printer sharing, as well as other network services, without NetBIOS. When a client wants to establish an SMB connection with a server, it directly communicates with the server’s IP address using port 445. It is crucial to secure this port as it has been targeted by various exploits and attacks, such as the WannaCry ransomware.
Port 139 (TCP)
Port 139 is used by older versions of the SMB protocol (SMB 1.0) that rely on NetBIOS over TCP/IP. NetBIOS is a legacy protocol that provides name resolution, datagram, and session services. When SMB runs over NetBIOS, port 139 is used for session service, allowing clients to connect with servers and access shared resources. Modern Windows systems favour SMB over TCP/IP (port 445), but some legacy systems and applications may still use SMB over NetBIOS.
In addition to these default SMB ports, security professionals should be aware of two historical ports associated with NetBIOS:
- Port 137 (UDP) – Used for name resolution and service registration.
- Port 138 (UDP) – Used for connectionless communication.
How does an SMB protocol work? Explained in the simplest way
The Server Message Block (SMB) protocol is like a language that computers use to talk to each other to share files, printers, and other resources over a network. Here’s a simple way to understand how SMB works:
- Computer A wants to access a shared folder or printer on Computer B.
- Computer A sends a request to Computer B, saying, “Hey, can I access this shared resource?”
- Computer B checks if Computer A can access the resource. It’s like checking if someone has the right key to open a locked door.
- If Computer A has permission, Computer B says, “Sure, you can access it!” and establishes a connection.
- Now, Computer A can read, write, or modify files in the shared folder, or send print jobs to the shared printer, just as if the resource was on their computer.
The SMB protocol ensures that this conversation between computers is secure and reliable. It’s like having a trusted messenger that delivers the requests and responses between computers, ensuring nothing gets lost or intercepted by someone else.
Security Risks Associated with SMB Ports
SMB ports, which are used for file and printer sharing on Windows networks, can sometimes be a target for bad guys trying to break into your computer or steal your data. Here are some of the risks & vulnerabilities:
WannaCry ransomware (EternalBlue exploit)
WannaCry is a nasty computer virus that uses a weakness in SMB to spread across networks and lock up people’s files until they pay a ransom.
Petya/NotPetya ransomware
Similar to WannaCry, Petya, and NotPetya are viruses that use SMB weaknesses to spread and cause damage. They can also lock up files and demand a ransom.
Weak spots in SMB
Sometimes, there might be a flaw or a weakness in the SMB protocol that attackers can exploit to sneak into your computer without permission. It’s like finding a hidden door that wasn’t locked properly.
Unprotected access
If your SMB ports are not set up securely, anyone on the network might be able to access your shared files and printers without needing a password.
Malware and viruses
Attackers can use SMB ports to spread viruses and other nasty programs that can harm your computer or steal your information. It’s like someone sending you a package that looks normal but has something dangerous inside.
Eavesdropping
If someone can intercept the conversation between your computer and others on the network, they might be able to steal sensitive information or spy on what you’re doing.
How to Secure Your SMB Ports?
To keep your SMB ports secure and protect your network from potential threats, follow these tips:
Disable SMBv1
SMBv1 is an older version of the SMB protocol that has known weaknesses. Turn it off on all your devices to prevent attackers from exploiting these flaws. It’s like getting rid of an old, rusty lock and replacing it with a newer, stronger one.
Use strong passwords and authentication
Make sure you have strong, unique passwords for all your user accounts and devices. Enable authentication to ensure only authorised people can access your shared resources. It’s like giving a special key only to trusted family members to enter your house.
Enable SMB signing
SMB signing adds an extra layer of security by making sure the data being sent between your computers hasn’t been tampered with by a third party. It’s like sealing a letter with a special wax stamp to prove it hasn’t been opened and changed on the way.
Use a firewall
Set up a firewall to control which devices can access your SMB ports and shared resources. This helps block unauthorised access attempts from outside your network. It’s like having a guard at your front door who only lets in people you know and trust.
Keep your systems updated
Always keep your operating systems and software up to date with the latest security patches and updates. These often include fixes for newly discovered SMB vulnerabilities. It’s like continuously maintaining and upgrading the locks and security systems in your house.
Limit access to shared resources
Only share files, folders, and printers with people who really need them. The fewer resources you share, the smaller the target for potential attackers. It’s like only giving house keys to close family members instead of everyone you know.
Monitor your network
Keep an eye on your network for any unusual activity, such as unexpected login attempts or large amounts of SMB traffic. Investigate and take action if you spot anything suspicious. It’s like having a neighbourhood watch that keeps an eye out for any strange behaviour and reports it.
How to check which SMB version is enabled?
You can open cmd.exe and run this command to query the status of the lanmanworkstation service that maintains SMB network connections.
sc qc lanmanworkstation
As illustrated in the above screenshot, MrxSMB20 represents SMB v2 and MrxSMB10 is equivalent to SMB v1 in use.
How to check if an SMB port is open?
There are multiple ways to check if an SMB port is open on a Windows system.
Open the command prompt. Run the following commands and filter the port number (445 in this example) to see the status.
netstat -an | findstr 445
Common SMB Protocol Dialects
SMB 1.0
This is the original version of SMB, released in the 1980s. It’s now considered outdated and has known security vulnerabilities.
Samba
Samba is an open-source implementation of the SMB protocol that allows non-Windows systems, such as Linux and macOS, to communicate with Windows systems.
CIFS (Common Internet File System)
CIFS is a dialect of SMB 1.0 that was developed by Microsoft in 1996. It added support for larger file sizes and more characters in filenames.
SMB 2.0
Released with Windows Vista, SMB 2.0 (2006) introduced significant performance, reliability, and security improvements compared to SMB 1.0.
SMB 2.1
This version came with Windows 7 and Windows Server 2008 R2. It included minor enhancements and optimisations over SMB 2.0. Consider it a small update to the previous smartphone, with some bug fixes and performance improvements.
SMB 3.0
Introduced in 2012 with Windows 8 and Windows Server 2012, SMB 3.0 brought major enhancements, such as multichannel support, end-to-end encryption, and improved performance.
SMB 3.1 and later
These versions, released with Windows 10 and Windows Server 2016 onwards, include additional features and improvements. For example, SMB 3.1.1 was released in 2015 that introduced pre-authentication integrity to prevent certain types of attacks.
Other dialects:
- SMB 2.0.2: A minor update to SMB 2.0, released with Windows Vista SP1 and Windows Server 2008.
- SMB 3.0.2: A minor update to SMB 3.0, introduced with Windows 8.1 and Windows Server 2012 R2.
Alternatives to SMB Ports
While SMB is widely used for file and printer sharing on Windows networks, alternative protocols can be used for similar purposes. These alternatives may be useful in situations where SMB is unavailable, unsupported, or not the best fit for your needs. Let’s take a look at some of the common alternatives to SMB:
SFTP (SSH File Transfer Protocol)
While SFTP is more commonly used in Unix and Linux environments, third-party tools allow you to use SFTP on Windows. These tools provide a secure way to transfer files between Windows systems using the SSH protocol, which encrypts the data during transit.
FTPS
FTPS is an extension of the traditional FTP protocol that adds support for secure connections using SSL/TLS encryption. It can be used for securely transferring files between Windows systems, similar to sending a letter in a sealed, tamper-proof envelope.
WebDAV (Web Distributed Authoring and Versioning)
WebDAV is an extension of the HTTP protocol that allows for collaborative editing and management of files on remote web servers. It can be used for web-based file sharing and collaboration within a Windows environment, similar to working on a shared document in a web-based application like Microsoft Office 365 or Google Docs
FAQs about SMB ports
What SMB is used for?
SMB is used for file and printer sharing, as well as other network services, primarily on Windows networks.
Are SMB ports secure?
SMB ports can be secure if properly configured and protected, but they have been targeted by various exploits and attacks in the past.
Is SMB used today?
Yes, SMB is still widely used, especially in Windows environments, with newer versions offering improved performance and security.
Is SMB better than FTP?
SMB and FTP serve different purposes; SMB is better for sharing files on local networks, while FTP is often used to transfer files over the internet.
Is SFTP faster than SMB?
SFTP and SMB are also used for different scenarios; SFTP is generally faster for transferring files over a wide area network (WAN) or the internet, while SMB performs better on local networks.





