Waa maxay Dekedda SMB? Maxaa loo isticmaalaa Dekedda 445 iyo Dekedda 139?
NetBIOS waxay u taagan tahay Nidaamka Wax-soo-saarka Aasaasiga ah ee Shabakadda(Network Basic Input Output System) . Waa borotokoolka softiweerka ah ee u oggolaanaya codsiyada, PC-yada, iyo Desktop(Desktops) -yada shabakada deegaanka ( LAN ) si ay ula xiriiraan qalabka shabakada iyo in ay gudbiyaan xogta shabakada. Codsiyada softiweerka ah ee ku shaqeeya shabakada NetBIOS waxay helaan oo isku aqoonsadaan (NetBIOS)magacyadooda (names)NetBIOS . Magaca NetBIOS waa dhererkiisu ilaa 16 xaraf oo inta badan, oo ka duwan magaca kombiyuutarka. Laba codsi ayaa bilaabaya fadhiga NetBIOS marka mid (macmiilku) u soo diro amar ah inuu "waco" macmiil kale (server) TCP Port 139 .
Dekadda 139 maxaa loo isticmaalaa
NetBIOS ee WAN -gaaga ama intarneedka(Internet) , si kastaba ha ahaatee, waa khatar ammaan oo aad u weyn. Dhammaan noocyada macluumaadka, sida boggaaga, kooxda shaqada iyo magacyada nidaamka, iyo sidoo kale macluumaadka xisaabta waxaa laga heli karaa NetBIOS . Marka, waa lama huraan inaad ku ilaaliso NetBIOS kaaga shabakadda la doorbidayo oo la hubiyo inaysan weligeed ka bixin shabakaddaada.
Firewalls , sida cabbirka badbaadada had iyo jeer xannibi dekeddan marka hore, haddii aad la furay. Dekadda 139(Port 139) waxa loo isticmaalaa Wadaagista Faylka iyo Daabacaadda(File and Printer Sharing) laakiin waxa ay dhacdaa in ay noqoto Dekedda keliya ee ugu khatarta badan Internetka(Internet) . Tani waa sababta oo ah waxay ka tagtaa diskka adag ee isticmaalaha oo u muuqda hackers.
Marka uu weeraryahanku ku yaal aaladda Port 139 ee firfircoon , wuxuu ku ordi karaa NBSTAT aaladda ogaanshaha NetBIOS ee TCP/IP , ugu horreyntii loogu talagalay inay ka caawiso cilad-saarka dhibaatooyinka xallinta magaca NetBIOS . Tani waxay calaamad u tahay tallaabada koowaad ee muhiimka ah ee weerarka - Footprinting .
Isticmaalka amarka NBSTAT , weeraryahanku wuxuu heli karaa qaar ama dhammaan macluumaadka muhiimka ah ee la xiriira:
- Liiska magacyada NetBIOS maxalliga ah
- Magaca kombiyuutarka
- Liiska magacyada lagu xalliyo WINS
- Ciwaanka IP-ga
- Nuxurka miiska fadhiga oo leh ciwaannada IP-ga loo socdo
Iyadoo tafaasiisha kor ku xusan ay gacanta ku hayaan, weeraryahanku wuxuu hayaa dhammaan macluumaadka muhiimka ah ee ku saabsan OS, adeegyada, iyo codsiyada waaweyn ee ku shaqeeya nidaamka. Kuwan ka sokow, waxa kale oo uu leeyahay cinwaanno IP gaar ah oo LAN/WAN iyo injineerada ammaanku ay aad isugu dayeen inay ku qariyaan NAT . Intaa waxaa dheer, Aqoonsiga isticmaale(User IDs) sidoo kale waxaa lagu daray liisaska ay bixiso NBSTAT .
Tani waxay u sahlaysaa hackers-ku inay meel fog ka helaan waxa ku jira hagayaasha Hard Disk-ga ama darawalada. Waxay markaas, si aamusnaan ah u gelin karaan oo ay ku socodsiin karaan barnaamij kasta oo ay doortaan iyaga oo isticmaalaya qaar ka mid ah qalabka bilaashka ah iyada oo aan mulkiilaha kombuyuutarku waligiis ka warqabin.
Haddii aad isticmaalayso mishiin guri-guri badan leh, ka dami NetBIOS(NetBIOS) kaar kasta oo shabakad ah, ama Dial-Up Connection ee hoos yimaada guryaha TCP/IP , taasi maaha qayb ka mid ah shabakadaada deegaanka.
Akhri(Read) : Sida loo damiyo NetBIOS(disable NetBIOS) TCP/IP.
Waa maxay Dekedda SMB
Halka Dekedda 139(Port 139) farsamo ahaan loo yaqaan ' NBT over IP', Port 445 waa ' SMB over IP'. SMB waxay u taagan tahay ' Blocks Messages Server(Server Message Blocks) '. Block Message Block(Server Message Block) ee luqadda casriga ah waxaa sidoo kale loo yaqaan Nidaamka Faylka Internetka ee Guud(Common Internet File System) . Nidaamku wuxuu u shaqeeyaa sida borotokoolka shabakad-lakab codsi ah oo inta badan loo isticmaalo bixinta gelitaanka la wadaago ee faylasha, daabacayaasha, dekedaha taxan, iyo noocyada kale ee xidhiidhka ka dhexeeya noodhka shabakadda.
Inta badan isticmaalka SMB waxay ku lug leedahay kombuyuutarrada ku shaqeeya Microsoft Windows , halkaasoo loo yaqaanay 'Microsoft Windows Network' ka hor intaan la soo bandhigin soo socda ee Hagaha Active(Active Directory) . Siyaalo badan ayay ugu dul socon kartaa lakabyada shabakada ee Kulanka (iyo kuwa hoose).(Session)
Tusaale ahaan, Windows -ka , SMB waxay si toos ah ugu socon kartaa TCP/IP iyada oo aan loo baahnayn NetBIOS TCP TCP/IP . Tani waxay isticmaali doontaa, sida aad tilmaantay, dekedda 445. Nidaamyada kale, waxaad ka heli doontaa adeegyo iyo codsiyo isticmaalaya dekedda 139. Taas macnaheedu waa in SMB ay la socoto NetBIOS TCP TCP/IP.
Hackers-ka xaasidka ah waxay qireen, in Dekedda 445(Port 445) ay tahay mid nugul oo ay leedahay ammaan darro badan. Mid ka mid ah tusaale qabow ee Port 445 si xun u isticmaalka waa muuqaalka aamusnaanta ee gooryaanka NetBIOS(NetBIOS worms) . Gooryaankan si tartiib tartiib ah laakiin si fiican loo qeexay ayaa u baadhaya internetka(Internet) tusaale ahaan dekedda 445, isticmaal qalabka sida PsExec si ay ugu wareejiyaan kombuyuutarka cusub ee dhibbanaha, ka dibna labanlaabaan dadaalkooda baaritaanka. Waa habkan aan aad loo aqoon, ee " Bot Armies ", oo ka kooban tobanaan kun oo mashiinnada qashinka ah ee NetBIOS , ayaa la ururiyay oo hadda deggan internetka(Internet) .
Akhriso(Read) : Sidee loo gudbiyaa Dekedaha(How to forward Ports) ?
Sida loo hubiyo in dekedda SMB ay furan tahay gudaha Windows 10
Waxaad u baahan tahay inaad isticmaasho amarkan PowerShell . Haddii aad rabto inaad awood u siiso nidaamka wareejinta faylka SMBv2 kumbuyuutarkaaga, waxaad marka hore u baahan tahay inaad hubiso in nidaamkaagu rakibi karo iyo in kale. (SMBv2)Markaad ogaato heerka waxaad dooran kartaa inaad awood u yeelato ama aad damiso SMBv2(enable or disable SMBv2) .
Dekadda SMB ee 445 ammaan ma tahay?
Anagoo tixgalinayna khataraha kor ku xusan, danteena ayay ku jirtaa in aynaan u soo bandhigin Port 445 (Port 445)intarneetka(Internet) balse sida Windows Port 135 , Port 445 waxa ay si qoto dheer ugu xidhan tahay Windows wayna adagtahay in si nabad ah loo xidho. Taasi waxay tidhi, xidhitaankeedu waa suurtogal, si kastaba ha ahaatee, adeegyada kale ee ku tiirsan sida DHCP ( Dynamic Host Configuration Protocol ) kaas oo inta badan loo isticmaalo helitaanka ciwaanka IP-ga ee server-yada DHCP ee ay isticmaalaan shirkado badan iyo ISP(ISPs) -yada , waxay joojin doonaan shaqeynta. Qoraaladan waxay ku tusayaan sida loo damiyo SMBv1 iyo SMBv2.
Iyadoo la tixgelinayo dhammaan sababaha amniga ee kor lagu sheegay, ISPs badan ayaa dareemaya inay lagama maarmaan tahay in la xannibo Dekaddan(Port) iyagoo ka wakiil ah isticmaalkooda. Tani waxay dhacdaa kaliya marka dekedda 445 aan la helin inay ilaaliso NAT router ama firewall shakhsi ahaaneed. Xaaladdan oo kale, ISP- gaagu waxa laga yaabaa inuu ka ilaaliyo taraafikada dekedda 445 inay ku soo gaadho.
Related posts
Sida loo isticmaalo oo loogu daro Xisaabaadka Shaqada/Dugsiga ee Microsoft Authenticator app
Sida loo joojiyo fasalada kaydinta la saari karo iyo gelida gudaha Windows 10
Tirtir faylalka si joogto ah adigoo isticmaalaya barnaamijka File Shredder ee bilaashka ah ee Windows
Tiny Security Suite wuxuu kaa caawinayaa inaad sir, jar jarto, oo aad ilaaliso faylasha ku jira PC gaaga
Sida dib loogu dajiyo abka Windows Security gudaha Windows 11/10
Windows 10 waxay joojisaa taageerada RemoteFX vGPU; Dib ma u soo celin kartaa?
Sida looga ilaaliyo isticmaaleyaasha inay dhaafaan digniinta SmartScreen ee Edge
Maamulaha IT-ga ayaa curyaamiyay Amniga Windows
Sida loo qariyo ama loo tuso astaanta Amniga Windows ee Taskbar ee Windows 10
Sida loo suurtageliyo ama loo joojiyo Ogeysiisyada Xarunta Amniga Windows
Sida loo ilaaliyo badbaadada mareegaha: hanjabaadaha iyo la tacaalida dayacanka
Adeegga Xarunta Amniga Windows lama bilaabi karo
Ka xaddid gelitaanka USB-ga Windows 10 kumbiyuutarka Ratool
Fasaxyada Nabadgelyada Internetka ee Fasaxa - Sida loo ilaaliyo ammaan marka aad fasaxayso
Sida loo sameeyo Furaha Amniga Koontada Microsoft
Waa maxay sababta isbadelka Macluumaadka Amniga Koontada Microsoft uu weli u sugayo?
Windows Security waxay leedahay Aan Bixiyeyaal Ammaan ku jirin Windows 11/10
Software-ka ugu Wacan ee Badbaadada Internetka ee Bilaashka ah ee Windows 11/10 PC
Isla markiiba ku beddel Dejinta Ammaanka Windows ConfigureDefender
Quful calaamadaha miiska ama erayga sirta ah ayaa ilaaliya abka gudaha Windows - DeskLock