Normally the client would attempt to locate a named SMB/CIFS server by looking it up via the NetBIOS name resolution mechanism described above in the name resolve order parameter above. Using this parameter will force the client to assume that the server is on the machine with the specified IP address and the NetBIOS name component of the. The SMB protocol does allow multiple clients to open the same file at the same time, but they need to cooperate when doing so. This is controlled by the set of SMB2ShareAccess values that are passed to the open file calls. When this set is empty, the SMB client requests exclusive access to the file.
smbclient is samba client with an 'ftp like' interface. It is a useful tool to test connectivity to a Windows share. It can be used to transfer files, or to look at share names. In addition, it has a nifty ability to 'tar' (backup) and restore files from a server to a client and visa versa. Let's begin by starting a session to the Windows server:
In the case of the service name, this would be the conventional means of 'mapping' a service in the Windows environment using the 'net' command:
The major difference here though is this: In the shell, the ' has special meaning. Thus, there are three means of 'getting around this'. Firstly, we could quote the service name:
secondly, we could escape each ' like:
or finally, we could just use double the number of ' as in:
Any which way will do. Using too few ' will result in an error. Options that can be used are usernames, connection to a printer service, Etc.
This will connect me to the share named 'some-share' on Billy-the-machine with the username jwhittal. You will be prompted for a password. We'll return to this in a moment.
One means of finding out what the shares on the host machine are is by using the -L switch. Assuming the Windows server is 172.16.1.3, a command such as:
will yield:
This show that the default shares on the machine (172.16.1.3) are the IPC$ share, the ADMIN$ share and the C$ share. Now that we know the shares, let's connect to one - c$.
smbclient now offers us a prompt, similar to that offered by an ftp session. Simply typing 'help' should show us all the commands we can use to 'put' and 'get' files. Once on the host server (the Windows machine), try putting your /etc/hosts file:
It should transfer it elegantly to the Windows machine. Getting files from the remote side is just as easy:
What makes smbclient really nifty is the ability to 'tar' up whole subdirectories from one machine to another. In interactive mode (i.e. When there is a smb: > prompt), one can simply set the 'tarmode' flag, as well as the 'recurse' and 'prompt' toggles, as these will allow us to copy large volumes of data from one machine to another. So, the following commands will copy the pdf995 directory from the Windows server to the Linux client:
And bingo, the entire directory get transferred to your Linux host. Naturally, transferring in the reverse direction is just as easy, only this time we can use a 'put' rather than a 'get'.
Another powerful feature is the ability to make these type of transfers in a non-interactive manner.
What this will do is to create (c) a tar (T) file called backup.995.tar of the directory on the Windows server pdf995/. Notice that despite Windows using a ' for it's directory delimiter, the smbclient uses the '/' when specifying the directory. Once the tar begins, there is no problem with this, as the output below illustrates (notice here the correct Windows directory delimiter of '):
and restoring that file we deleted by accident:)
So here ends the small chat on smbclient. What makes it so nice is that is can be used to test connectivity to a Windows network. Furthermore, if you set up a SAMBA server and have no Windows clients to test on it (as in the RedHat Certified Engineer Exam), smbclient will do just fine in ensuring your configurations work as stated. Of course, if you plan on setting up SAMBA at all, you should really have Windows clients on which to use it, otherwise all the Linux/UNIX style applications (NIS, NFS and friends) fill the gap occupied by SAMBA.
Once we have established that a Windows machine has some worthwhile stuff to share, it might be nice to have that available at our fingertips each time we use our Linux machine. Perhaps the Windows server is sharing music, or video, or perhaps better still, a software repository. Smbclient has it's uses, but it might be undesirable to transfer this information back and forth as we find a use for it. In this case, a simple answer is to mount these drives on the Linux host as we would any other drive. This is simple to achieve - and works in a fairly similar fashion to what NFS might in an all UNIX environment.
This time, the smbmount command takes the share name, a mount point (/mnt/thumb in my example above) and finally some options. Clearly, since C$ is not a guest based share (and so it should not be), I will need to supply a username for the share. I will be prompted for the password for the user 'jwhittal'. Since this 'drive' is now mounted, we can begin copying information to and from the mount point. Clearly, this implies that it is being copied to the Windows server. One might additionally place this in the /etc/fstab file on your Linux client workstation and therefore have the Windows share reloaded on every reboot of the Linux client workstation.
Smbumount is the command used to unmount the Windows share. In fact, smbmount and smbumount are just synonyms for the mount and umount commands in Linux. An alternative to the smbmount command above is:
Clearly, this would require that the smbfs module is compiled into the kernel and that it is able to mount SAMBA file systems.
nmblookup is a command that can be used to do a number of meaningful operations. In the example below, it shows us that this workstation is the master browser for this workgroup, that this machine is a member of the workgroup domain 'WORKGROUP', and that the user who is currently logged into this workstation is 'jwhittal'.
In the example below, the -M option indicates which machines are eligible to be master browsers on the network.
This is a useful command when you require your Windows system to be backed up to a Linux/UNIX client machine with a tape drive. Smbtar will tar the data to the tape that is on the Linux/UNIX system.
This, in a nutshell, is a summary of some of the SAMBA client utilities. They not only allow a Linux machine to operate seamlessly with other hosts on the network, but they offer the ability to treat Windows shares as something akin to NFS in Linux. Thus, it becomes a simple operation to work in an all-Windows environment.
The Server Message Block Protocol (SMB Protocol) is a client-server communication protocol used for sharing access to files, printers, serial ports, and data on a network. It can also carry transaction protocols for authenticated inter-process communication.
In short, the SMB protocol is a way for computers to talk to each other.
How does the SMB protocol work?
SMB works through a client-server approach, where a client makes specific requests and the server responds accordingly. This is known as a response-request protocol.
Once connected, it enables users or applications to make requests to a file server and access resources like printer sharing, mail slots, and named pipes on the remote server. This means a user of application can open, read, move, create, and update files on the remote server.
SMB was originally designed by Barry Feigenbaum at IBM in 1983 with the aim of turning DOS INT 21h local file access into a networked file system and was originally designed to run on top of NetBIOS over TCP/IP (NBT) using IP port 139 and UDP ports 137 and 138. Software applications that run on a NetBIOS network locate and identify each other via their NetBIOS names.
Microsoft merged the SMB protocol with their LAN Manager product that it started developing in 1990 and continue to add features to the protocol in Windows for Workgroups.
In 1996, Microsoft launched an initiative to rename SMB to Common Internet File System (CIFS) and added more features, including support for symbolic links, hard links, larger file sizes, and an initial attempt to support direct connections over TCP port 445 without requiring NetBIOS as a transport (a largely experimental effort that required further refinement).
By Microsoft Windows 2000, Microsoft had changed SMB to operate over port 445. SMB still uses port 445.
This proved to be problematic as CIFS was a notoriously chatty protocol that could ruin network performance due to latency and numerous acknowledgments. While Microsoft estimates that SMB/CIFS compromised less than 10% of network traffic in the average Enterprise network, that is still a significant amount of traffic.
Microsoft explained performance issues were primarily because SMB 1.0 is a block-level rather than streaming protocol that was designed for small LANs.
The next dialect, SMB 2.0, improved the protocol's efficiency by reducing its hundreds of commands and subcommand down to 19.
Microsoft continues to invest in improving SMB performance and security. SMB 3.0 which was introduced with Windows 8 and Windows Server 2012 brought several significant changes that added functionality and improved SMB2 performance, notably in virtualized data centres.
Additionally, it introduced several security enhancements such as end-to-end encryption and a new AES based signing algorithm.
What are the SMB protocol dialects?
The SMB protocol was created in the 1980s by IBM and has spawned multiple dialects designed to meet evolving network requirements. For example, the Common Internet File System (CIFS) mentioned above is a specific implementation of SMB that enables file sharing.
Important SMB implementations include:
SMB 1.0 (1984)
Created by IBM for file sharing in DOS. It introduced opportunistic locking as a client-side caching mechanism designed to reduce network traffic.
Samba (1992)
Samba is an open-source implementation of the SMB protocol and Microsoft Active Directory for Unix systems and Linux distributions that supports file sharing and print services, authentication and authorization, name resolution, and service announcements between Linux/Unix servers and Windows clients.
CIFS (1996)
Microsoft-developed SMB dialect that debuted in Windows 95 and added support for larger file sizes, transport directly over TCP/IP, symbolic links, and hard links.
NQ (1998)
NQ is a family of portable SMB client and server implementations developed by Visuality Systems. NQ is portable to non-Windows platforms such as Linux, iOS, and Android and supports SMB 3.1.1 dialect.
Netsmb (2004)
Netsmb is a family of in-kernel SMB client and server implementations in BSD operating systems.
SMB 2.0 (2006)
Released with Windows Vista and Windows Server 2008, it reduced chattiness to improve performance, enhance scalability and resiliency, and added support for WAN acceleration.
Tuxera SMB (2009)
Tuxera is also a proprietary SMB implementation that runs in either kernel or user-space.
Likewise (2009)
Likewise developed a CIFS/SMB implementation that provided a multiprotocol, identity-aware platform for network access to files in OEM storage products built on Linux/Unix based platforms.
SMB 2.1 (2010)
Introduced with Windows Server 2008 R2 and Windows 7. The client oplock leasing model replaced opportunistic locking to enhance caching and improve performance. It also introduced large maximum transmission unit (MTU) support and improved energy efficiency, enabling clients to open files from an SMB server to enter sleep mode.
SMB 3.0 (2012)
Debuted in Windows 8 and Windows Server 2012. It introduced several significant improvements to availability, performance, backup, security, and management.
MoSMB (2012)
MoSMB is a proprietary SMB implementation for Linux and other Unix-like systems, developed by Ryussi Technologies. It supports only SMB 2.x and SMB 3.x.
SMB 3.02 (2014)
Introduced in Windows 8.1 and Windows Server 2012 R2 and included performance updates and the ability to disable CIFS/SMB 1.0 support, including the removal of related binaries.
SMB 3.1.1 (2015)
Released with Windows 10 and Windows Server 2016 and added support for advanced encryption, preauthentication integrity to prevent man-in-the-middle attacks and cluster dialect fencing.
What are ports 139 and 445?
SMB is a network file sharing protocol that requires an open port on a computer or server to communicate with other systems. SMB ports are generally port numbers 139 and 445.
Port 139 is used by SMB dialects that communicate over NetBIOS. It's a transport layer protocol designed to use in Windows operating systems over a network.
Port 445 is used by newer versions of SMB (after Windows 2000) on top of a TCP stack, allowing SMB to communicate over the Internet. This also means you can use IP addresses in order to use SMB like file sharing.
Are open ports dangerous?
While port 139 and 445 aren't inherently dangerous, there are known issues with exposing these ports to the Internet. You can check if a port is open by using the netstat command.
There is a common misconception that an open port is dangerous. This is largely driven by a lack of understanding into how open ports work, why they are open, and which ones shouldn't be open.
Open ports are necessary to communicate across the Internet. However, an open port can become dangerous when the service listening to the port is misconfigured, unpatched, vulnerable to exploits, or has poor network security rules.
The most dangerous open ports are wormable ports, like the one that the SMB protocol uses, which are open by default in some operating systems.
Early versions of the SMB protocol were exploited during the WannaCryransomware attack through a zero-day exploit called EternalBlue.
WannaCry exploited legacy versions of Windows computers that used an outdated version of the SMB protocol. WannaCry is a network worm with a transport mechanism designed to automatically spread itself. The transport code scans for systems vulnerable to the EternalBlue exploit and then installs DoublePulsar, a backdoor tool, and executes a copy of itself.
An infected computer will search its Windows network for devices accepting traffic on TCP ports 135-139 or 445 indicating the system is configured to run SMB.
It will then initiate an SMBv1 connection to the device and use buffer overflow to take control of the system and install the ransomware component of the attack.
This means WannaCry can spread automatically without victim participation.
The good news is that the Windows has since released a security update to Windows XP, Windows Server 2003, Windows 8, Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2016 to prevent this exploit.
How to keep port 139 and 445 secure
Here are some other ways you can secure port 139 and 445.
Avoid exposing SMB ports
Ports 135-139 and 445 are not safe to publicly expose and have not been for a decade.
Patch everything
Keep your systems up-to-date to avoid exploits of known vulnerabilities.
No single point of failure
Whether it's ransomware, malware, hardware failure, database error, or something else. If your data is important, then it should be backed up, at least one other secure location.
Use a firewall or endpoint protection
Most solutions will include a blacklist of known attacker IP addresses.
Use a virtual private network (VPN)
VPNs encypt and protect network traffic.
Implement virtual local area networks (VLANs)
VLANs can be used to isolate internal network traffic
Use MAC address filtering
This can prevent unknown systems from accessing your network.
UpGuard can secure your open ports
Smb Client On Solaris 10
UpGuard can protect your business from data breaches, identify all of your data leaks, and help you continuously monitor the security posture of all your vendors.
Smb Client Linux
UpGuard also supports compliance across a myriad of security frameworks, including the new requirements set by Biden's Cybersecurity Executive Order.
Smb Client For Windows
Test the security of your website, CLICK HERE to receive your instant security score now!