Description
This report identifies hosts that have an SMB instance running on port 445/TCP that are accessible on the Internet. This service should not be exposed to the Internet.
Assessment
The entries in this report are hosts that have the SMB service open towards the internet. The SMB service is used for Windows fileshares and has many famous vulnerabilities amongst which are Eternalblue, EternalRomance and EternalChampion. The likelihood is rated medium. There will be many attackers and malware looking to exploit this service, but identifying vulnerable hosts requires further manual verification. The impact is high, as it will give attackers complete control of the target system.
Recommendations
- Restrict access to internal networks, if possible.
- If remote access is necessary use a VPN, enforce strong passwords and follow best practices.
References
Shadow Server – SMB Scanning Project
Wikipedia – Eternalblue