SMB Ports 139 and 445

The SMB protocol enables “inter-process communication,” which is the protocol that allows applications and services on networked computers to talk to each other – you might say SMB is one of the languages that computers use to talk to each other.

How Does The SMB Protocol Work?

In early versions of Windows, SMB ran on top of the NetBIOS network architecture. Microsoft changed SMB in Windows 2000 to operate on top of TCP and use a dedicated IP port. Current versions of Windows continue to use that same port.

Microsoft continues to make advancements to SMB for performance and security: SMB2 reduced the overall chattiness of the protocol, while SMB3 included performance enhancements for virtualized environments and support for strong end-to-end encryption.

SMB Protocol Dialects

Just like any language, computer programmers have created different SMB dialects use for different purposes. For example, Common Internet File System (CIFS) is a specific implementation of SMB that enables file sharing. Many people mistake CIFS as a different protocol than SMB, when in fact they use the same basic architecture.

Important SMB implementations include:

  • CIFS: CIFS is a common file sharing protocol used by Windows servers and compatible NAS devices. CIFS uses ports 137:138/udp
  • Samba: Samba is an open-source implementation of Microsoft Active Directory that allows non-Windows machines to communicate with a Windows network. SMB uses ports 139 and 445/tcp
  • NQ: NQ is another portable file sharing SMB implementation developed by Visuality Systems.
  • MoSMB: MoSMB is a proprietary SMB implementation by Ryussi Technologies.
  • Tuxera SMBTuxera is also a proprietary SMB implementation that runs in either kernel or user-space.
  • LikewiseLikewise is a multi-protocol, identity aware network file sharing protocol that was purchased by EMC in 2012.

What Are Ports 139 And 445?

SMB has always been a network file sharing protocol. As such, SMB requires network ports on a computer or server to enable communication to other systems. SMB uses either IP port 139 or 445.

  • Port 139: SMB originally ran on top of NetBIOS using port 139. NetBIOS is an older transport layer that allows Windows computers to talk to each other on the same network.
  • Port 445: Later versions of SMB (after Windows 2000) began to use port 445 on top of a TCP stack. Using TCP allows SMB to work over the internet.

smb port 139 and 445

How To Keep These Ports Secure

Leaving network ports open to enable applications to function is a security risk. So how do we manage to keep our networks secure and maintain application functionality and uptime? Here are some options to secure these two important and well-known ports.

  1. Enable a firewall or endpoint protection to protect these ports from attackers. Most solutions include a blacklist to prevent connections from known attackers IP addresses.
  2. Install a VPN to encrypt and protect network traffic.
  3. Implement VLANs to isolate internal network traffic.
  4. Use MAC address filtering to keep unknown systems from accessing the network. This tactic requires significant management to keep the list maintained.

how to keep ports 139 and 445 secure

In addition to the network specific protections above, you can implement a data centric security plan to protect your most important resource – the data that lives on your SMB file shares.

Understanding who has access to your sensitive data across your SMB shares is a monumental task. Varonis maps your data and access rights and discovers your sensitive data on your SMB shares. Monitoring your data is essential to detect attacks in progress and protect your data from breaches. Varonis can show you where data is at-risk on your SMB shares and monitor those shares for abnormal access and potential cyberattacks.  Get a 1:1 demo to see how Varonis monitors CIFS on NetApp, EMC, Windows, and Samba shares to keep your data safe.