Server Message Block, abbreviated SMB, is a protocol used by Windows operating systems. SMB provides many Windows-related services over the network and is mainly used for file sharing. In general, the SMB protocol is used for inter-process communication between processes on the same host or on remote hosts.
SMB Port 139 or 445
Newcomers to the Windows ecosystem often confuse the port numbers of SMB. The SMB service is provided over two ports.
- TCP port 139 is SMB over NetBIOS. NetBIOS is a transport layer protocol designed for use in Windows operating systems over the network.
- TCP port 445 is SMB over IP. This is the newer version, where SMB can be used directly over IP networks.
Check If Ports 137, 138, 139 and 445 Are Open
If we want to check whether ports 137, 138, 139 and 445 are open, we can use the netstat command. It lists the open ports for the TCP and UDP protocols.
As we can see from the example, TCP 445 is open and in listening mode, which means this system will accept connections to port 445.
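An added example, not from the original article: this Python script parses `netstat -an` output in the Windows column layout and reports which of ports 137, 138, 139 and 445 are listening locally, and which of them are bound to every interface. The sample output, the addresses in it and the function names are constructed for illustration.

```python
import re

# Ports named on this page: NetBIOS name (137/udp), datagram (138/udp),
# session (139/tcp) and direct SMB over IP (445/tcp).
SMB_PORTS = {137: "NetBIOS name service", 138: "NetBIOS datagram",
             139: "SMB over NetBIOS", 445: "SMB over IP"}

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     192.168.1.20:445       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def smb_listeners(netstat_text):
    """Return sorted (proto, address, port, service) tuples for local SMB/NetBIOS listeners."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header and blank lines
        proto, addr, port, _foreign, state = m.groups()
        port = int(port)
        if port not in SMB_PORTS:
            continue  # also skips outbound connections to a remote 445
        # A TCP socket accepts connections only in LISTENING; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.add((proto, addr, port, SMB_PORTS[port]))
    return sorted(found, key=lambda r: (r[2], r[0], r[1]))

def exposed_on_all_interfaces(listeners):
    """Ports bound to a wildcard address, i.e. reachable on every interface."""
    return sorted({port for _p, addr, port, _s in listeners if addr in ("0.0.0.0", "[::]", "*")})

if __name__ == "__main__":
    rows = smb_listeners(SAMPLE)
    for proto, addr, port, service in rows:
        print(f"{proto:<4}{addr}:{port:<6}{service}")
    print("bound to all interfaces:", exposed_on_all_interfaces(rows))
```

The established connection from local port 49712 to a remote port 445 is deliberately not reported, because only the local address column says what this host itself is serving.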
SMB Over NetBIOS
The NetBIOS protocol works on TCP 139, UDP 137 and UDP 138. So if we have a secure network that prevents access to remote hosts, we should add a firewall rule that allows TCP and UDP 137-139. To connect, we should provide the NetBIOS hostname, which is generally the same as the hostname provided by DNS/DHCP. In this example, we will connect to the remote share named backup, which is provided by the host.
\\srv1\backup
Here we should provide the hostname by which NetBIOS can find and connect to the remote system.
SMB Over IP
SMB over IP is a newer implementation of SMB. In this implementation we do not need an extra intermediate protocol like NetBIOS; we can use SMB directly. As an example, we can use IP addresses to reach SMB services such as file sharing.
\\192.168.1.10\backup
is sufficient to connect to the remote SMB share and port over the network.
SMB Security
As the Windows operating system and its protocols are main targets for attackers, we may need to create countermeasures against attacks. There are threats like the ones below.
- NetBIOS worms, which can spread silently over the network.
- PsExec, a tool that is used to remotely manage Windows systems.
- SMB vulnerabilities, which pose a threat to the systems.
We can prevent these threats by blocking SMB port access between networks or server groups where it is not needed.
SMB1, SMB2, SMB3
The SMB protocol has three versions, of which SMBv3 is the latest. SMB1 supports NetBIOS, while SMB2 and SMB3 are supported only over IP, which is TCP 445.
SMB Protocol Operating System Support
While SMB was created by IBM, it is mainly developed by Microsoft. SMB is an open protocol, which means other platforms can implement SMB freely. Linux supports the SMB protocol too.
Translated from: https://www.poftut.com/smb-port-port-number-protocol-uses-port-445-port-139/