NetBIOS waxay u taagan tahay Nidaamka Wax-soo-saarka Aasaasiga ah ee Shabakadda^{(Network Basic Input Output System)} . Waa borotokoolka softiweerka ah ee u oggolaanaya codsiyada, PC-yada, iyo Desktop^(Desktops) -yada shabakada deegaanka ( LAN ) si ay ula xiriiraan qalabka shabakada iyo in ay gudbiyaan xogta shabakada. Codsiyada softiweerka ah ee ku shaqeeya shabakada NetBIOS waxay helaan oo isku aqoonsadaan ^(NetBIOS)magacyadooda ^(names)NetBIOS . Magaca NetBIOS waa dhererkiisu ilaa 16 xaraf oo inta badan, oo ka duwan magaca kombiyuutarka. Laba codsi ayaa bilaabaya fadhiga NetBIOS marka mid (macmiilku) u soo diro amar ah inuu "waco" macmiil kale (server) TCP Port 139 .

Dekadda 139 maxaa loo isticmaalaa

NetBIOS ee WAN -gaaga ama intarneedka^(Internet) , si kastaba ha ahaatee, waa khatar ammaan oo aad u weyn. Dhammaan noocyada macluumaadka, sida boggaaga, kooxda shaqada iyo magacyada nidaamka, iyo sidoo kale macluumaadka xisaabta waxaa laga heli karaa NetBIOS . Marka, waa lama huraan inaad ku ilaaliso NetBIOS kaaga shabakadda la doorbidayo oo la hubiyo inaysan weligeed ka bixin shabakaddaada.

Firewalls , sida cabbirka badbaadada had iyo jeer xannibi dekeddan marka hore, haddii aad la furay. Dekadda 139^{(Port 139)} waxa loo isticmaalaa Wadaagista Faylka iyo Daabacaadda^{(File and Printer Sharing)} laakiin waxa ay dhacdaa in ay noqoto Dekedda keliya ee ugu khatarta badan Internetka^(Internet) . Tani waa sababta oo ah waxay ka tagtaa diskka adag ee isticmaalaha oo u muuqda hackers.

Marka uu weeraryahanku ku yaal aaladda Port 139 ee firfircoon , wuxuu ku ordi karaa NBSTAT aaladda ogaanshaha NetBIOS ee TCP/IP , ugu horreyntii loogu talagalay inay ka caawiso cilad-saarka dhibaatooyinka xallinta magaca NetBIOS . Tani waxay calaamad u tahay tallaabada koowaad ee muhiimka ah ee weerarka - Footprinting .

Isticmaalka amarka NBSTAT , weeraryahanku wuxuu heli karaa qaar ama dhammaan macluumaadka muhiimka ah ee la xiriira:

1. Liiska magacyada NetBIOS maxalliga ah
2. Magaca kombiyuutarka
3. Liiska magacyada lagu xalliyo WINS
4. Ciwaanka IP-ga
5. Nuxurka miiska fadhiga oo leh ciwaannada IP-ga loo socdo

Iyadoo tafaasiisha kor ku xusan ay gacanta ku hayaan, weeraryahanku wuxuu hayaa dhammaan macluumaadka muhiimka ah ee ku saabsan OS, adeegyada, iyo codsiyada waaweyn ee ku shaqeeya nidaamka. Kuwan ka sokow, waxa kale oo uu leeyahay cinwaanno IP gaar ah oo LAN/WAN iyo injineerada ammaanku ay aad isugu dayeen inay ku qariyaan NAT . Intaa waxaa dheer, Aqoonsiga isticmaale^{(User IDs)} sidoo kale waxaa lagu daray liisaska ay bixiso NBSTAT .

Tani waxay u sahlaysaa hackers-ku inay meel fog ka helaan waxa ku jira hagayaasha Hard Disk-ga ama darawalada. Waxay markaas, si aamusnaan ah u gelin karaan oo ay ku socodsiin karaan barnaamij kasta oo ay doortaan iyaga oo isticmaalaya qaar ka mid ah qalabka bilaashka ah iyada oo aan mulkiilaha kombuyuutarku waligiis ka warqabin.

Haddii aad isticmaalayso mishiin guri-guri badan leh, ka dami NetBIOS^(NetBIOS) kaar kasta oo shabakad ah, ama Dial-Up Connection ee hoos yimaada guryaha TCP/IP , taasi maaha qayb ka mid ah shabakadaada deegaanka.

Akhri^(Read) : Sida loo damiyo NetBIOS^{(disable NetBIOS)} TCP/IP.

Waa maxay Dekedda SMB

Halka Dekedda 139^{(Port 139)} farsamo ahaan loo yaqaan ' NBT over IP', Port 445 waa ' SMB over IP'. SMB waxay u taagan tahay ' Blocks Messages Server^{(Server Message Blocks)} '. Block Message Block^{(Server Message Block)} ee luqadda casriga ah waxaa sidoo kale loo yaqaan Nidaamka Faylka Internetka ee Guud^{(Common Internet File System)} . Nidaamku wuxuu u shaqeeyaa sida borotokoolka shabakad-lakab codsi ah oo inta badan loo isticmaalo bixinta gelitaanka la wadaago ee faylasha, daabacayaasha, dekedaha taxan, iyo noocyada kale ee xidhiidhka ka dhexeeya noodhka shabakadda.

Inta badan isticmaalka SMB waxay ku lug leedahay kombuyuutarrada ku shaqeeya Microsoft Windows , halkaasoo loo yaqaanay 'Microsoft Windows Network' ka hor intaan la soo bandhigin soo socda ee Hagaha Active^{(Active Directory)} . Siyaalo badan ayay ugu dul socon kartaa lakabyada shabakada ee Kulanka (iyo kuwa hoose).^(Session)

Tusaale ahaan, Windows -ka , SMB waxay si toos ah ugu socon kartaa TCP/IP iyada oo aan loo baahnayn NetBIOS TCP TCP/IP . Tani waxay isticmaali doontaa, sida aad tilmaantay, dekedda 445. Nidaamyada kale, waxaad ka heli doontaa adeegyo iyo codsiyo isticmaalaya dekedda 139. Taas macnaheedu waa in SMB ay la socoto NetBIOS TCP TCP/IP.

Hackers-ka xaasidka ah waxay qireen, in Dekedda 445^{(Port 445)} ay tahay mid nugul oo ay leedahay ammaan darro badan. Mid ka mid ah tusaale qabow ee Port 445 si xun u isticmaalka waa muuqaalka aamusnaanta ee gooryaanka NetBIOS^{(NetBIOS worms)} . Gooryaankan si tartiib tartiib ah laakiin si fiican loo qeexay ayaa u baadhaya internetka^(Internet) tusaale ahaan dekedda 445, isticmaal qalabka sida PsExec si ay ugu wareejiyaan kombuyuutarka cusub ee dhibbanaha, ka dibna labanlaabaan dadaalkooda baaritaanka. Waa habkan aan aad loo aqoon, ee " Bot Armies ", oo ka kooban tobanaan kun oo mashiinnada qashinka ah ee NetBIOS , ayaa la ururiyay oo hadda deggan internetka^(Internet) .

Akhriso^(Read) : Sidee loo gudbiyaa Dekedaha^{(How to forward Ports)} ?

Sida loo hubiyo in dekedda SMB ay furan tahay gudaha Windows 10

Waxaad u baahan tahay inaad isticmaasho amarkan PowerShell . Haddii aad rabto inaad awood u siiso nidaamka wareejinta faylka SMBv2 kumbuyuutarkaaga, waxaad marka hore u baahan tahay inaad hubiso in nidaamkaagu rakibi karo iyo in kale. ^(SMBv2)Markaad ogaato heerka waxaad dooran kartaa inaad awood u yeelato ama aad damiso SMBv2^{(enable or disable SMBv2)} .

Dekadda SMB ee 445 ammaan ma tahay?

Anagoo tixgalinayna khataraha kor ku xusan, danteena ayay ku jirtaa in aynaan u soo bandhigin Port 445 ^{(Port 445)}intarneetka^(Internet) balse sida Windows Port 135 , Port 445 waxa ay si qoto dheer ugu xidhan tahay Windows wayna adagtahay in si nabad ah loo xidho. Taasi waxay tidhi, xidhitaankeedu waa suurtogal, si kastaba ha ahaatee, adeegyada kale ee ku tiirsan sida DHCP ( Dynamic Host Configuration Protocol ) kaas oo inta badan loo isticmaalo helitaanka ciwaanka IP-ga ee server-yada DHCP ee ay isticmaalaan shirkado badan iyo ISP^(ISPs) -yada , waxay joojin doonaan shaqeynta. Qoraaladan waxay ku tusayaan sida loo damiyo SMBv1 iyo SMBv2.

Iyadoo la tixgelinayo dhammaan sababaha amniga ee kor lagu sheegay, ISPs badan ayaa dareemaya inay lagama maarmaan tahay in la xannibo Dekaddan^(Port) iyagoo ka wakiil ah isticmaalkooda. Tani waxay dhacdaa kaliya marka dekedda 445 aan la helin inay ilaaliso NAT router ama firewall shakhsi ahaaneed. Xaaladdan oo kale, ISP- gaagu waxa laga yaabaa inuu ka ilaaliyo taraafikada dekedda 445 inay ku soo gaadho.

What is an SMB Port? What is Port 445 and Port 139 used for?

NetBIOS stands for Network Basic Input Output System. It is a software protocol that allows applications, PCs, and Desktops on a local area network (LAN) to communicate with network hardware and to transmit data across the network. Software applications that run on a NetBIOS network locate and identify each other via their NetBIOS names. A NetBIOS name is up to 16 characters long and usually, separate from the computer name. Two applications start a NetBIOS session when one (the client) sends a command to “call” another client (the server) over TCP Port 139.

What is Port 139 used for

NetBIOS on your WAN or over the Internet, however, is an enormous security risk. All sorts of information, such as your domain, workgroup and system names, as well as account information can be obtained via NetBIOS. So, it is essential to maintain your NetBIOS on the preferred network and ensure it never leaves your network.

Firewalls, as a measure of safety always block this port first, if you have it opened. Port 139 is used for File and Printer Sharing but happens to be the single most dangerous Port on the Internet. This is so because it leaves the hard disk of a user exposed to hackers.

Once an attacker has located an active Port 139 on a device, he can run NBSTAT a diagnostic tool for NetBIOS over TCP/IP, primarily designed to help troubleshoot NetBIOS name resolution problems. This marks an important first step of an attack — Footprinting.

Using NBSTAT command, the attacker can obtain some or all of the critical information related to:

1. A list of local NetBIOS names
2. Computer name
3. A list of names resolved by WINS
4. IP addresses
5. Contents of the session table with the destination IP addresses

With the above details at hand, the attacker has all the important information about the OS, services, and major applications running on the system. Besides these, he also has private IP addresses that the LAN/WAN and security engineers have tried hard to hide behind NAT.  Moreover, User IDs are also included in the lists provided by running NBSTAT.

This makes it easier for hackers to gain remote access to the contents of hard disk directories or drives. They can then, silently upload and run any programs of their choice via some freeware tools without the computer owner ever being aware.

If you are using a multi-homed machine, disable NetBIOS on every network card, or Dial-Up Connection under the TCP/IP properties, that is not part of your local network.

Read: How to disable NetBIOS over TCP/IP.

What is an SMB Port

While Port 139 is known technically as ‘NBT over IP’, Port 445 is ‘SMB over IP’. SMB stands for ‘Server Message Blocks’. Server Message Block in modern language is also known as Common Internet File System. The system operates as an application-layer network protocol primarily used for offering shared access to files, printers, serial ports, and other sorts of communications between nodes on a network.

Most usage of SMB involves computers running Microsoft Windows, where it was known as ‘Microsoft Windows Network’ before the subsequent introduction of Active Directory. It can run on top of the Session (and lower) network layers in multiple ways.

For instance, on Windows, SMB can run directly over TCP/IP without the need for NetBIOS over TCP/IP. This will use, as you point out, port 445. On other systems, you’ll find services and applications using port 139. This means that SMB is running with NetBIOS over TCP/IP.

Malicious hackers admit, that Port 445 is vulnerable and has many insecurities. One chilling example of Port 445 misuse is the relatively silent appearance of NetBIOS worms. These worms slowly but in a well-defined manner scan the Internet for instances of port 445, use tools like PsExec to transfer themselves into the new victim computer, then redouble their scanning efforts. It is through this not much-known method, that massive “Bot Armies“, containing tens of thousands of NetBIOS worm compromised machines, are assembled and now inhabit the Internet.

Read: How to forward Ports?

How to check if SMB port is open in Windows 10

You need to use this PowerShell command. If you’re going to enable the SMBv2 file transfer protocol on your computer, you first need to check whether your system can install it or not. Once you know the status you can opt to enable or disable SMBv2.

Is SMB port 445 secure?

Considering the above perils, it is in our interest to not expose Port 445 to the Internet but like Windows Port 135, Port 445 is deeply embedded in Windows and is hard to close safely. That said, its closure is possible, however, other dependent services such as DHCP (Dynamic Host Configuration Protocol) which is frequently used for automatically obtaining an IP address from the DHCP servers used by many corporations and ISPs, will stop functioning. These posts show you how to disable SMBv1 and SMBv2.

Considering all the security reasons described above, many ISPs feel it necessary to block this Port on behalf of their users. This happens only when port 445 is not found to be protected by NAT router or personal firewall. In such a situation, your ISP may probably prevent port 445 traffic from reaching you.

Related posts

• Sida loo isticmaalo oo loogu daro Xisaabaadka Shaqada/Dugsiga ee Microsoft Authenticator app

• Sida loo joojiyo fasalada kaydinta la saari karo iyo gelida gudaha Windows 10

• Tirtir faylalka si joogto ah adigoo isticmaalaya barnaamijka File Shredder ee bilaashka ah ee Windows

• Tiny Security Suite wuxuu kaa caawinayaa inaad sir, jar jarto, oo aad ilaaliso faylasha ku jira PC gaaga

• Sida dib loogu dajiyo abka Windows Security gudaha Windows 11/10

• Windows 10 waxay joojisaa taageerada RemoteFX vGPU; Dib ma u soo celin kartaa?

• Sida looga ilaaliyo isticmaaleyaasha inay dhaafaan digniinta SmartScreen ee Edge

• Maamulaha IT-ga ayaa curyaamiyay Amniga Windows

• Sida loo qariyo ama loo tuso astaanta Amniga Windows ee Taskbar ee Windows 10

• Sida loo suurtageliyo ama loo joojiyo Ogeysiisyada Xarunta Amniga Windows

• Sida loo ilaaliyo badbaadada mareegaha: hanjabaadaha iyo la tacaalida dayacanka

• Adeegga Xarunta Amniga Windows lama bilaabi karo

• Ka xaddid gelitaanka USB-ga Windows 10 kumbiyuutarka Ratool

• Fasaxyada Nabadgelyada Internetka ee Fasaxa - Sida loo ilaaliyo ammaan marka aad fasaxayso

• Sida loo sameeyo Furaha Amniga Koontada Microsoft

• Waa maxay sababta isbadelka Macluumaadka Amniga Koontada Microsoft uu weli u sugayo?

• Windows Security waxay leedahay Aan Bixiyeyaal Ammaan ku jirin Windows 11/10

• Software-ka ugu Wacan ee Badbaadada Internetka ee Bilaashka ah ee Windows 11/10 PC

• Isla markiiba ku beddel Dejinta Ammaanka Windows ConfigureDefender

• Quful calaamadaha miiska ama erayga sirta ah ayaa ilaaliya abka gudaha Windows - DeskLock