The risc of opened Samba ports

Franz Ferdinand · 24 Oct 2021

Hello, my ISP noticed me about finding opened Samba port on my side. After a review of router setup I've found the port is really opened. I just wanted to make sure if it's real security risk if I use Windows account with good password. I mean if the authorization can be bypassed or broken from the outside somehow. I've also noticed that the user/pass is required even from home network if that device didn't use the same user/pass pair to login to OS.

Porthos · 24 Oct 2021

Are you running a samba server from your PC?

MaloK · 25 Oct 2021

Hi,

What brand and model is your router ?

Depending on that, you may be able to create a Firewall rule or even completely disable samba on your router.

Personally I like my routers to be completely stealth on the web side. Your ISP mention samba, did they mention which ports ?

Port 137 (name services) · UDP Port 138 (datagram services) · TCP Port 139 (session services) · TCP Port 445 (direct connection)

Those are NetBIOS over TCP/IP ports. They should never be allowed on the wan side of your network. If the service is answering, it is considered a point of attack on your router.

If you are not using any Media sharing to the internet from your network or router. You should close / stealth those ports.

Use ShieldsUP from Gibson Research Gibson Research to verify which "File sharing ports" are responding on your wan and if you managed to close them.