Understanding the SMB Default Port: 445 vs 139 Explained

Introduction to SMB (Server Message Block)

Server Message Block (SMB) is a widely used network protocol that allows shared access to files, printers, and serial ports between nodes on a network. It’s heavily used in Windows environments but also supported on Linux and macOS.Understanding which port SMB uses is crucial for configuring firewalls, enhancing security, and enabling successful network file sharing.

What is the Default Port for SMB?

The default port used by SMB is TCP 445. This enables direct communication without relying on older NetBIOS services. Previously, SMB also ran over TCP 139 through NetBIOS, but this method is now mostly deprecated.

Port 445: SMB over TCP

Port 445 supports SMB directly over TCP/IP and is used by modern operating systems. It eliminates the dependency on NetBIOS, simplifying configuration and increasing security.

Port 139: NetBIOS Session Service

Port 139 is associated with older SMB implementations using NetBIOS over TCP/IP. Although some legacy systems may still use it, it’s considered less secure and should be disabled if possible.

Why Does SMB Use Port 445?

Modern SMB versions (SMBv2 and SMBv3) require port 445 to establish secure and efficient communication. Port 445 supports authentication, encryption, and direct connection between devices without relying on name resolution services.

TCP vs UDP for SMB Communication

SMB primarily uses TCP for data transfer. However, NetBIOS services historically required UDP for name resolution and datagram services.

Does SMB Use Both Ports 445 and 139?

Most modern environments use only port 445, but older systems may still use both ports 445 and 139. Ensuring your infrastructure is up-to-date helps simplify this and boosts security.

Disable SMBv1 using PowerShell:

Set-SmbServerConfiguration -EnableSMB1Protocol $false

SMB Ports and Security: Why Blocking Port 445 Matters

The WannaCry and NotPetya ransomware attacks exploited vulnerabilities in SMBv1 over port 445. Blocking or monitoring this port can protect your infrastructure from similar attacks.

Key Tips:

Block port 445 at the perimeter firewall

Disable SMBv1 on all devices

Use Endpoint Detection & Response (EDR) for monitoring SMB usage.

Best Practices: Firewall Rules for SMB

Windows

New-NetFirewallRule -DisplayName "Block SMB 445" -Direction Inbound -LocalPort 445 -Protocol TCP -Action Block

Linux (UFW)

sudo ufw deny 445/tcpsudo ufw deny 139/tcp

How to Open SMB Ports on Windows and Linux

To enable SMB for internal file sharing:On Windows:

Go to Windows Firewall > Advanced Settings. Create a new inbound rule for TCP 445.

Allow access from trusted IP ranges only.

On Linux:

sudo ufw allow from 192.168.0.0/16 to any port 445 proto tcp

Alternatives to SMB fo

SFTP (SSH File Transfer Protocol)

NFS (Network File System)

WebDAVCloud-based sharing (e.g., OneDrive, Google Drive)

These options offer encryption, centralized access control, and better protection for remote sharing.

Conclusion: Proactive SMB Port Security

Understanding the role of ports 445 and 139 is essential for secure SMB implementation. Modern networks should rely exclusively on TCP port 445, with legacy ports disabled. Firewalls must be configured to restrict external access and reduce risk from exploits.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending now

dxdiag command in windows
Symantec Endpoint Protection Manager
Symantec Endpoint Protection Manager 14.3.0 RU10
THE NEW CYBERSECURITY FOR BEGINNERS AND DUMMIES
password complexity in Windows Server 2022
How to remove password complexity in Windows Server 2022