Rowland penny via samba ha scritto il 27/08/20 alle 15:49:> On 27/08/2020 14:19, Piviul via samba wrote: >> >>> >>> Microsoft is enforcing more securitybut it's Microsoft that develop >>> NetBIOS and LLMNR and if it's enforcing >> security should enforce these protocols or remove them from their OS >> isn't it? > > Microsoft ended support of NT4 servers over 15 years ago, but kept the > client code, but it is now actively trying to remove it, hence new > Windows 10 installs have SMBv1 turned off. You can never know just when > they will totally remove it, but I am sure it will be removed.If I have well understood the article that Louis send in a previous message, to enforce security it is very important use FQDN to refers to samba server and don't use netBIOS or LLMNR names. I don't know samba very well so I don't know if NetBIOS is tied to SMBv1 protocol but I'm pretty sure that LLMNR isn't: so you don't agree with me if Microsoft should emforce security should enforce security on LLMNR protocol or remove it from his OS ? ...but perhaps I ignore something more... Best regards Piviul
On 27/08/2020 15:23, Piviul via samba wrote:> Rowland penny via samba ha scritto il 27/08/20 alle 15:49: >> On 27/08/2020 14:19, Piviul via samba wrote: >>> >>>> >>>> Microsoft is enforcing more securitybut it's Microsoft that develop >>>> NetBIOS and LLMNR and if it's enforcing >>> security should enforce these protocols or remove them from their OS >>> isn't it? >> >> Microsoft ended support of NT4 servers over 15 years ago, but kept >> the client code, but it is now actively trying to remove it, hence >> new Windows 10 installs have SMBv1 turned off. You can never know >> just when they will totally remove it, but I am sure it will be removed. > If I have well understood the article that Louis send in a previous > message, to enforce security it is very important use FQDN to refers > to samba server and don't use netBIOS or LLMNR names. I don't know > samba very well so I don't know if NetBIOS is tied to SMBv1 protocol > but I'm pretty sure that LLMNR isn't: so you don't agree with me if > Microsoft should emforce security should enforce security on LLMNR > protocol or remove it from his OS ? ...but perhaps I ignore something > more... > > Best regards > > Piviul >Netbios is intrinsically tied to SMBv1 and? LLMNR (Link-Local Multicast Name Resolution) is also connected in a way, it allows name resolutions without a nameserver. So, if you are using it, I personally wouldn't, ever heard of MITM ? Rowland
Rowland penny via samba ha scritto il 27/08/20 alle 16:43:> [...] > Netbios is intrinsically tied to SMBv1 and? LLMNR (Link-Local Multicast > Name Resolution) is also connected in a way, it allows name resolutions > without a nameserver. So, if you are using it, I personally wouldn't, > ever heard of MITM ?Just to understand a little more... NetBIOS with a wins server configured is not prone to the MiTM attack, isn't it? Piviul
https://attack.mitre.org/techniques/T1557/001/ Man-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay 2 words in google.. Top link. ;-) Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Piviul via samba > Verzonden: vrijdag 28 augustus 2020 8:43 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] accessing foreign AD users to NT domain > > Rowland penny via samba ha scritto il 27/08/20 alle 16:43: > > [...] > > Netbios is intrinsically tied to SMBv1 and? LLMNR > (Link-Local Multicast > > Name Resolution) is also connected in a way, it allows name > resolutions > > without a nameserver. So, if you are using it, I personally > wouldn't, > > ever heard of MITM ? > Just to understand a little more... NetBIOS with a wins server > configured is not prone to the MiTM attack, isn't it? > > Piviul > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >