SMBv1 Server Detection

Info Nessus Network Monitor Plugin ID 700100


The remote host supports the SMBv1 protocol.


The remote host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group has an exploit that affects SMB however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues. Additionally, the ETERNALBLUE exploit uses SMBv1.


Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.

See Also

Plugin Details

Severity: Info

ID: 700100

Family: Generic

Published: 2017/05/18

Updated: 2017/05/18

Dependencies: 9759

Risk Information

Risk Factor: Info