NetBIOS代表网络基本输入输出系统(Network Basic Input Output System)。它是一种软件协议,允许局域网 ( LAN ) 上的应用程序、PC 和台式机(Desktops)与网络硬件通信并通过网络传输数据。在NetBIOS(NetBIOS)网络上运行的软件应用程序通过它们的NetBIOS名称(names)相互定位和识别。NetBIOS名称最长为 16个字符,通常与计算机名称分开。当一个(客户端)通过TCP 端口 139(TCP Port 139)发送命令以“呼叫”另一个客户端(服务器)时,两个应用程序启动NetBIOS会话。
139端口是做什么用的
(NetBIOS)但是,您的WAN或Internet上的(Internet)NetBIOS存在巨大的安全风险。各种信息,例如您的域、工作组和系统名称,以及帐户信息都可以通过NetBIOS获得。因此,必须在首选网络上维护您的NetBIOS并确保它永远不会离开您的网络。
防火墙(Firewalls),作为安全措施,如果您打开了此端口,则始终首先阻止此端口。端口 139(Port 139)用于文件和打印机共享,但恰好是(File and Printer Sharing)Internet上最危险的端口。之所以如此,是因为它使用户的硬盘暴露在黑客面前。
一旦攻击者在设备上找到了一个活动端口 139(Port 139),他就可以运行NBSTAT ,这是一种基于TCP TCP/IPNetBIOS诊断工具,主要用于帮助解决NetBIOS名称解析问题。这标志着攻击的重要第一步——足迹(Footprinting)。
使用NBSTAT命令,攻击者可以获得与以下相关的部分或全部关键信息:
- 本地 NetBIOS 名称列表
- 计算机名称
- WINS 解析的名称列表
- IP 地址
- 会话表的内容与目标 IP 地址
有了上述详细信息,攻击者就掌握了系统上运行的操作系统、服务和主要应用程序的所有重要信息。除此之外,他还拥有LAN/WAN和安全工程师努力隐藏在NAT后面的私有 IP 地址。此外,用户 ID(User IDs)也包含在运行NBSTAT提供的列表中。
这使黑客更容易远程访问硬盘目录或驱动器的内容。然后,他们可以通过一些免费软件工具静默上传和运行他们选择的任何程序,而计算机所有者永远不会意识到这一点。
如果您使用的是多宿主计算机,请禁用每个网卡上的NetBIOS ,或(NetBIOS)TCP/IP属性下的拨号连接,这不属于您的本地网络。
阅读(Read):如何禁用(disable NetBIOS)TCP/IP 上的 NetBIOS。
什么是 SMB 端口
虽然端口 139(Port 139)在技术上称为“基于 IP的NBT ”,但(NBT)端口 445(Port 445)是“基于 IP的SMB ”。SMB代表“服务器消息块(Server Message Blocks)”。现代语言中的服务器消息块(Server Message Block)也称为通用 Internet 文件系统(Common Internet File System)。该系统作为应用层网络协议运行,主要用于提供对文件、打印机、串行端口和网络节点之间其他类型通信的共享访问。
SMB的大多数使用涉及运行Microsoft Windows的计算机,在随后引入(Microsoft Windows)Active Directory之前,它被称为“Microsoft Windows 网络” 。它可以以多种方式在会话(Session)(和更低)网络层之上运行。
例如,在Windows上,SMB可以直接在TCP/IP上运行,而不需要NetBIOS over TCP/IP。正如您所指出的,这将使用端口 445。在其他系统上,您会发现使用端口 139 的服务和应用程序。这意味着SMB使用TCP TCP/IPNetBIOS运行。
恶意黑客承认,445 端口(Port 445)很容易受到攻击并且有很多不安全因素。滥用端口 445(Port 445)的一个令人毛骨悚然的例子是NetBIOS 蠕虫(NetBIOS worms)相对安静的出现。这些蠕虫缓慢但以明确的方式扫描Internet以查找端口 445 的实例,使用PsExec等工具将自己转移到新的受害计算机,然后加倍扫描工作。正是通过这种鲜为人知的方法,包含数以万计受NetBIOS蠕虫病毒入侵的机器的庞大“(NetBIOS)僵尸军队(Bot Armies)”被组装起来,现在居住在互联网上(Internet)。
阅读(Read):如何转发端口(How to forward Ports)?
如何在Windows 10中检查(Windows 10)SMB端口是否打开
您需要使用此PowerShell命令。如果您要在您的计算机上启用SMBv2文件传输协议,您首先需要检查您的系统是否可以安装它。了解状态后,您可以选择启用或禁用(enable or disable SMBv2)SMBv2 。
SMB 端口 445 是否安全?
考虑到上述风险,不将445 端口(Port 445)暴露给Internet符合我们的利益,但就像Windows 的 135(Windows Port 135)端口一样,445 端口(Port 445)深深嵌入在Windows中,很难安全关闭。也就是说,它的关闭是可能的,但是,其他依赖服务,例如DHCP(动态主机配置协议),经常用于从许多公司和(Dynamic Host Configuration Protocol)ISP使用的(ISPs)DHCP服务器自动获取 IP 地址,将停止运行。这些帖子向您展示了如何禁用 SMBv1和 SMBv2。
考虑到上述所有安全原因,许多ISP(ISPs)认为有必要代表其用户阻止此端口。(Port)仅当端口 445 未被NAT路由器或个人防火墙保护时才会发生这种情况。在这种情况下,您的ISP可能会阻止端口 445 流量到达您。
What is an SMB Port? What is Port 445 and Port 139 used for?
NetBIOS stands for Network Basic Input Output System. It is a software protocol that allows applications, PCs, and Desktops on a local area network (LAN) to communicate with network hardware and to transmit data across the network. Software applications that run on a NetBIOS network locate and identify each other via their NetBIOS names. A NetBIOS name is up to 16 characters long and usually, separate from the computer name. Two applications start a NetBIOS session when one (the client) sends a command to “call” another client (the server) over TCP Port 139.
What is Port 139 used for
NetBIOS on your WAN or over the Internet, however, is an enormous security risk. All sorts of information, such as your domain, workgroup and system names, as well as account information can be obtained via NetBIOS. So, it is essential to maintain your NetBIOS on the preferred network and ensure it never leaves your network.
Firewalls, as a measure of safety always block this port first, if you have it opened. Port 139 is used for File and Printer Sharing but happens to be the single most dangerous Port on the Internet. This is so because it leaves the hard disk of a user exposed to hackers.
Once an attacker has located an active Port 139 on a device, he can run NBSTAT a diagnostic tool for NetBIOS over TCP/IP, primarily designed to help troubleshoot NetBIOS name resolution problems. This marks an important first step of an attack — Footprinting.
Using NBSTAT command, the attacker can obtain some or all of the critical information related to:
- A list of local NetBIOS names
- Computer name
- A list of names resolved by WINS
- IP addresses
- Contents of the session table with the destination IP addresses
With the above details at hand, the attacker has all the important information about the OS, services, and major applications running on the system. Besides these, he also has private IP addresses that the LAN/WAN and security engineers have tried hard to hide behind NAT. Moreover, User IDs are also included in the lists provided by running NBSTAT.
This makes it easier for hackers to gain remote access to the contents of hard disk directories or drives. They can then, silently upload and run any programs of their choice via some freeware tools without the computer owner ever being aware.
If you are using a multi-homed machine, disable NetBIOS on every network card, or Dial-Up Connection under the TCP/IP properties, that is not part of your local network.
Read: How to disable NetBIOS over TCP/IP.
What is an SMB Port
While Port 139 is known technically as ‘NBT over IP’, Port 445 is ‘SMB over IP’. SMB stands for ‘Server Message Blocks’. Server Message Block in modern language is also known as Common Internet File System. The system operates as an application-layer network protocol primarily used for offering shared access to files, printers, serial ports, and other sorts of communications between nodes on a network.
Most usage of SMB involves computers running Microsoft Windows, where it was known as ‘Microsoft Windows Network’ before the subsequent introduction of Active Directory. It can run on top of the Session (and lower) network layers in multiple ways.
For instance, on Windows, SMB can run directly over TCP/IP without the need for NetBIOS over TCP/IP. This will use, as you point out, port 445. On other systems, you’ll find services and applications using port 139. This means that SMB is running with NetBIOS over TCP/IP.
Malicious hackers admit, that Port 445 is vulnerable and has many insecurities. One chilling example of Port 445 misuse is the relatively silent appearance of NetBIOS worms. These worms slowly but in a well-defined manner scan the Internet for instances of port 445, use tools like PsExec to transfer themselves into the new victim computer, then redouble their scanning efforts. It is through this not much-known method, that massive “Bot Armies“, containing tens of thousands of NetBIOS worm compromised machines, are assembled and now inhabit the Internet.
Read: How to forward Ports?
How to check if SMB port is open in Windows 10
You need to use this PowerShell command. If you’re going to enable the SMBv2 file transfer protocol on your computer, you first need to check whether your system can install it or not. Once you know the status you can opt to enable or disable SMBv2.
Is SMB port 445 secure?
Considering the above perils, it is in our interest to not expose Port 445 to the Internet but like Windows Port 135, Port 445 is deeply embedded in Windows and is hard to close safely. That said, its closure is possible, however, other dependent services such as DHCP (Dynamic Host Configuration Protocol) which is frequently used for automatically obtaining an IP address from the DHCP servers used by many corporations and ISPs, will stop functioning. These posts show you how to disable SMBv1 and SMBv2.
Considering all the security reasons described above, many ISPs feel it necessary to block this Port on behalf of their users. This happens only when port 445 is not found to be protected by NAT router or personal firewall. In such a situation, your ISP may probably prevent port 445 traffic from reaching you.
