What is an SMB Port + Ports 445 and 139 Explained

An SMB port is a network port commonly used for file sharing. IBM programmer Barry Feigenbaum developed the Server Message Block (SMB) protocol in the 1980s for IBM DOS. SMB continues to be the de facto standard network file sharing protocol in use today.
Michael Buckbee
Last updated September 14, 2023

The SMB protocol enables inter-process communication: it allows applications and services on networked computers to talk to each other. SMB enables the core set of network services such as file, print, and device sharing.

How Does The SMB Protocol Work?

In early versions of Windows, SMB ran on top of the NetBIOS network architecture. Microsoft changed SMB in Windows 2000 to operate directly on top of TCP and use a dedicated TCP port. Current versions of Windows continue to use that same port.

Microsoft continues to make advancements to SMB for performance and security: SMB2 reduced the overall chattiness of the protocol, while SMB3 included performance enhancements for virtualized environments and support for strong end-to-end encryption.

SMB Protocol Dialects

Just as with any language, programmers have created different SMB dialects for different purposes. For example, Common Internet File System (CIFS) is a specific implementation of SMB that enables file sharing. Many people mistake CIFS for a different protocol than SMB, when in fact they use the same basic architecture.

Important SMB implementations include:

  • CIFS: CIFS is a common file sharing protocol used by Windows servers and compatible NAS devices.
  • Samba: Samba is an open-source implementation of Microsoft Active Directory that allows non-Windows machines to communicate with a Windows network.
  • NQ: NQ is another portable file sharing SMB implementation developed by Visuality Systems.
  • MoSMB: MoSMB is a proprietary SMB implementation by Ryussi Technologies.
  • Tuxera SMB: Tuxera is also a proprietary SMB implementation that runs in either kernel or user-space.
  • Likewise: Likewise is a multi-protocol, identity-aware network file sharing protocol that was purchased by EMC in 2012.

What Are Ports 139 And 445?

SMB has always been a network file sharing protocol. As such, SMB requires network ports on a computer or server to enable communication with other systems. SMB uses either TCP port 139 or 445.

  • Port 139: SMB originally ran on top of NetBIOS using port 139. NetBIOS is an older transport layer that allows Windows computers to talk to each other on the same network.
  • Port 445: Later versions of SMB (after Windows 2000) began to use port 445 on top of a TCP stack. Using TCP allows SMB to work over the internet.
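The difference between the two ports is visible in the first bytes a client sends, which is how a network sensor can tell NetBIOS session setup from direct-TCP SMB and spot clients still speaking SMB1. The following is an added example, not code from the original article; the framing constants come from RFC 1002 and Microsoft's SMB specifications rather than from this page, and the names `classify`, `legacy_clients` and `frame` are hypothetical.

```python
import struct

# Protocol identifiers that open every SMB message (MS-CIFS, MS-SMB2).
MAGIC = {b"\xffSMB": "SMB1", b"\xfeSMB": "SMB2/SMB3",
         b"\xfdSMB": "SMB3 encrypted"}
# NetBIOS Session Service packet types seen on port 139 (RFC 1002).
NBSS = {0x81: "session request", 0x82: "positive response",
        0x83: "negative response", 0x85: "keep-alive"}


def classify(port, data):
    """Describe the first packet a client sends to TCP 139 or 445."""
    if port not in (139, 445):
        raise ValueError("not an SMB port")
    if len(data) < 4:
        return "truncated"
    if data[0] != 0x00:
        # Only NetBIOS (139) has session packets ahead of the SMB messages.
        if port == 139 and data[0] in NBSS:
            return "NetBIOS " + NBSS[data[0]]
        return "not SMB framing"
    # Type 0x00 carries an SMB message. The length field is 24 bits for
    # direct TCP (445) and 17 bits for NetBIOS (139).
    mask = 0xFFFFFF if port == 445 else 0x1FFFF
    length = struct.unpack(">I", data[:4])[0] & mask
    body = data[4:4 + length]
    if len(body) < max(length, 4):
        return "truncated"
    return MAGIC.get(body[:4], "unknown payload")


def legacy_clients(samples):
    """Return sources whose captured message uses SMB1."""
    return [src for src, port, data in samples
            if classify(port, data) == "SMB1"]


def frame(payload):
    """Prefix a payload with the 4-byte session-message header."""
    return b"\x00" + len(payload).to_bytes(3, "big") + payload


# Constructed samples: (source, destination port, first bytes of the stream).
SAMPLES = [
    ("10.0.0.5", 139, b"\x81\x00\x00\x44" + bytes(68)),
    ("10.0.0.7", 139, frame(b"\xffSMB\x72" + bytes(27))),
    ("10.0.0.9", 445, frame(b"\xfeSMB" + bytes(60))),
]
```
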

 

How To Keep These Ports Secure

Leaving network ports open to enable applications to function is a security risk. So how do we manage to keep our networks secure and maintain application functionality and uptime? Here are some options to secure these two important and well-known ports.

  1. Enable a firewall or endpoint protection to protect these ports from attackers. Most solutions include a blacklist to prevent connections from known attacker IP addresses.
  2. Install a VPN to encrypt and protect network traffic.
  3. Implement VLANs to isolate internal network traffic.
  4. Use MAC address filtering to keep unknown systems from accessing the network. This tactic requires significant management to keep the list maintained.
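One way to check the firewall option above is to audit inbound allow rules for any that open 139 or 445 to sources outside the networks you trust. The following is an added example, not code from the original article; the `(action, source CIDR, ports)` rule format, the sample rules and the function names are constructed for illustration and do not match any particular firewall product, and rule ordering is not evaluated.

```python
import ipaddress

SMB_PORTS = {139, 445}


def ports_in(spec):
    """Return which SMB ports a spec such as '445', '137-139' or 'any' covers."""
    if spec == "any":
        return set(SMB_PORTS)
    hit = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        hit |= {p for p in SMB_PORTS if lo <= p <= hi}
    return hit


def exposed_smb_rules(rules, trusted):
    """List allow rules that open 139/445 to sources outside trusted networks."""
    trusted = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for action, source, spec in rules:
        ports = ports_in(spec)
        if action != "allow" or not ports:
            continue
        src = ipaddress.ip_network(source)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        inside = any(src.version == t.version and src.subnet_of(t)
                     for t in trusted)
        if not inside:
            findings.append((source, sorted(ports)))
    return findings


# Constructed inbound rule set: (action, source CIDR, destination ports).
RULES = [
    ("allow", "10.20.0.0/16", "445"),
    ("allow", "0.0.0.0/0", "1-1024"),
    ("allow", "203.0.113.0/24", "139,445"),
    ("deny", "0.0.0.0/0", "any"),
    ("allow", "0.0.0.0/0", "443"),
]
TRUSTED = ["10.0.0.0/8"]
```

A broad range such as `1-1024` is flagged even though it never names an SMB port, which is the case most often missed in manual reviews.
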

 

In addition to the network-specific protections above, you can implement a data-centric security plan to protect your most important resource – the data that lives on your SMB file shares.

Understanding who has access to your sensitive data across your SMB shares is a monumental task. Varonis maps your data and access rights and discovers your sensitive data on your SMB shares. Monitoring your data is essential to detect attacks in progress and protect your data from breaches. Varonis can show you where data is at risk on your SMB shares and monitor those shares for abnormal access and potential cyberattacks. Get a 1:1 demo to see how Varonis monitors CIFS on NetApp, EMC, Windows, and Samba shares to keep your data safe.
