search for: wannacry

Hello, Up till today I have only heard that it affects Windows clients and Servers. However I received this today that sparked my question https://ics-cert.us-cert.gov/sites/default/files/FactSheets/ICS-CERT_FactSheet_WannaCry_Ransomware.pdf This suggests blocking port 445 for Samba specifically. First wouldn't blocking port 445 break all file and printer sharing functionality? Second isn't this port needed even by Windows for SMB? I'm confused. Thanks. -- -- James

...17-05-18 14:11, lingpanda101 via samba wrote: > Hello, > > Up till today I have only heard that it affects Windows clients and > Servers. However I received this today that sparked my question > > https://ics-cert.us-cert.gov/sites/default/files/FactSheets/ICS-CERT_FactSheet_WannaCry_Ransomware.pdf > > > This suggests blocking port 445 for Samba specifically. Probably a typo/misunderstanding. 445 is for all SMB implementations. > First wouldn't> blocking port 445 break all file and printer sharing functionality? > > Second isn't this port neede...

Hi, we have updated our samba AD domain from 4.4.x to 4.5.x. The release notes for 4.5.0 included  "NTLMv1 authentication disabled by default". So we had to enable it to get our radius (freeradius) server working (for 802.1x). What would be the best way to change the freeradius configuration in such a way, that we can disable NTLMv1 again. The radius server is used for WLAN

On 09/30/2017 12:58 AM, Rowland Penny via samba wrote: > I understand that you have to use XP, but you don't have to use NTLM, > haven't you heard of 'wanacry' ? > Go here and read it:http://www.imss.caltech.edu/node/396 WannaCry did not infect XP or for that matter, Windows Nein, oops, Ten. Doesn't mean it couldn't if altered to do so: Reference: https://www.computerworld.com/article/3196673/malware/faq-are-you-in-danger-from-the-wannacrypt-ransomware.html Why didn’t WannaCry infect Windows XP or 10...

...ew signatures > If they are supporting XP, it is all the same process. No difference. > sorry but to say it clear: to think a anti-virus can replace a solid operating system is a naive and dangerous attitude > Uhhh, Why do you not look at infections rates instead of marketing FUD. WannaCry did not even touch XP. Not looking at this from an infection rate standpoint and, instead, believing what the marketing weasels at M$ tell you is far more dangerous in my technical opinion. > with some luck malware was not tested on XP and won't run by luck because of the too small usrbase...

...gt; Im waiting until trevor has the antivirus vfs is ready for samba 4. > @David Disseldrop, you know the status about that, since it was you call to get it in samba. ;-) > (https://github.com/fumiyas/samba-virusfilter/issues/23) > I've seen good work but it stopped.. :( > I .. wannacry .. :-)) https://github.com/treveradams/samba/tree/testing is actually where to look, I believe it is current for 4.6.x (be warned you may have to reset to past versions from time to time as the code base is git push -f to keep the changelog short and as simple patches for merging). I am waiting o...

...that has to have LANMAN support. I called Xerox tech support and their answer was it was out of support. It is probably seven years old. It was an expensive scanner, not one of those new fangled fall apart in two years scanners. It is working very well still. I can not see the scanner catching WannaCry. My main concern was the ramifications to Samba of leaving Lanman activated.

...at would be the best way to change the freeradius configuration in >> such a way, >> >> that we can disable NTLMv1 again. >> >> The radius server is used for WLAN (802.1x) and for VPN. >> >> How insecure is NTLMv1 ? >> > Have you ever heard of 'wannacry' ? or to put it another way 'VERY > insecure' > > Rowland > > >

...uth = yes" in smb.conf Funnily other (no internet) windows 7 clients work OK. I have two questions 1. What need to be changed in registry of this not working windows 7 client. (It was a preinstalled machine from vendor - we cannot reinstall). 2. BTW is this ntlm auth = yes can anyway cause wannacry type issues? Many thanks greg smb.conf [global] server string = SPR Server server role = standalone server bind interfaces only = yes interfaces = lo eno1 disable netbios = no max log size = 1000 log level = 1 security = user server role = standalone server passdb ba...

...n a wrong way. Why do you > think a firewall is the ONLY part that needs to be provide security? > That's the way I read this statement - that it doesn't matter anywhere > else. In addition, the majority of attacks and compromises come from > INSIDE the firewall - ie. the "wannacry" and similar attacks are all > distributed via email, executed on a local workstation and it propagates > from there - your external firewall is not even hit before your > servers/cluster is scanned. I will second that. I personally run servers under assumption that bad guys are alre...

...ndows 7/10 desktops.) Im waiting until trevor has the antivirus vfs is ready for samba 4. @David Disseldrop, you know the status about that, since it was you call to get it in samba. ;-) (https://github.com/fumiyas/samba-virusfilter/issues/23) I've seen good work but it stopped.. :( I .. wannacry .. :-)) If you setup your mail server to respect servers setup conform RFC, your spam wil drop at least 70%-90% Saving you lots of cpu time. Now i use postfix with its postscreen, clamav with yara rules for antivirus. (https://virustotal.github.io/yara/) And a postfix with postscreen setup, s...

Hi all, Just out of curiosity: is there anything we can do, on the samba side, to counter the recent ransomware attacks? (or limit the damage done) I'm thinking like: limit the number of files per second a client (workstation) is allowed to edit, or some other smart tricks..? It would be nice if samba could be an extra layer of defense. Something perhaps a vfs module could help with..?

Halo Valeri, let's think about what a hpc cluster is for. Second, one should always ask the question where security is to be applied,then one can come to the following decision: - The firewall is placed in front of the cluster. - After you have found a safe base for this, you freeze it. - We have a rsync of centos and epel on the head node. >From here, we can always reinstall a node

Hello, My Samba has been working well until I recently run Windows update for DC. I got the error message below on my client (Windows 8.1 Enterprise Evaluation OS) when accessing the Samba shares. " *\\pinnacle** is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.* " I can

...ent really urks me in a wrong way. Why do you think a firewall is the ONLY part that needs to be provide security? That's the way I read this statement - that it doesn't matter anywhere else. In addition, the majority of attacks and compromises come from INSIDE the firewall - ie. the "wannacry" and similar attacks are all distributed via email, executed on a local workstation and it propagates from there - your external firewall is not even hit before your servers/cluster is scanned. Another aspect here is all the other stuff outside the kernel. Even if you do "yum update&quot...

...10/01/2017 10:03 PM, Reindl Harald (mobile) via samba wrote: >> sorry but to say it clear: to think a anti-virus can replace a solid >> operating system is a naive and dangerous attitude >> > > Uhhh,   Why do you not look at infections rates instead of > marketing FUD.  WannaCry did not even touch XP. so what - beause one specific malware did not proves nothing > Not looking at this from an infection rate standpoint and, > instead, believing what the marketing weasels at M$ tell > you is far more dangerous in my technical opinion. you seem to confuse me with so...

...ily other (no internet) windows 7 clients work OK. > I have two questions > > 1. What need to be changed in registry of this not working windows 7 > client. (It was a preinstalled machine from vendor - we cannot > reinstall). > > 2. BTW is this ntlm auth = yes can anyway cause wannacry type issues? > Many thanks > greg > > smb.conf > > [global] > server string = SPR Server > server role = standalone server > bind interfaces only = yes > interfaces = lo eno1 > disable netbios = no > max log size = 1000 > log level...

...indl Harald (mobile) via samba wrote: >>> sorry but to say it clear: to think a anti-virus can replace a solid >>> operating system is a naive and dangerous attitude >>> >> >> Uhhh,   Why do you not look at infections rates instead of >> marketing FUD.  WannaCry did not even touch XP. > > so what - beause one specific malware did not proves nothing The "So What" is the aggregate, not a single instance. You missed my point. > >> Not looking at this from an infection rate standpoint and, >> instead, believing what the mark...

...samba wrote: >>>> sorry but to say it clear: to think a anti-virus can replace a >>>> solid operating system is a naive and dangerous attitude >>>> >>> >>> Uhhh,   Why do you not look at infections rates instead of >>> marketing FUD.  WannaCry did not even touch XP. >> >> so what - beause one specific malware did not proves nothing > > The "So What" is the aggregate, not a single instance.  You > missed my point. > >> >>> Not looking at this from an infection rate standpoint and, >>&...

My guess Samba 3.6 (smb v1) Windows 8.1 after update, disabled smb v1 probely. ( wannacry crypto leak) Dont know for sure but that was ms its advice also. I think its time to update your samba. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > albert samba via samba > Verzonden: woensdag 24 mei 2017 20:13...