Web lists-archives.com

Re: [Samba] Does WannaCry Ransmonware affect Samba?




On 5/18/2017 8:32 AM, Rowland Penny wrote:
On Thu, 18 May 2017 08:11:08 -0400
lingpanda101 via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hello,

      Up till today I have only heard that it affects Windows clients
and Servers. However I received this today that sparked my question

https://ics-cert.us-cert.gov/sites/default/files/FactSheets/ICS-CERT_FactSheet_WannaCry_Ransomware.pdf

This suggests blocking port 445 for Samba specifically. First
wouldn't blocking port 445 break all file and printer sharing
functionality? Second isn't this port needed even by Windows for SMB?
I'm confused. Thanks.


I think what they are trying to say is:

Whilst wannacry will have no affect to a Samba server, if it is on a
Samba share that you connect to, your Windows computer may get infected.

The cure seems to be, turn off file sharing with the Samba server, it
might as well have said 'Go to Samba server, identify the power lead
and pull it out of the power socket' ;-)

Rowland


Didn't think about it from the standpoint of protecting Windows machines from malware residing on a Samba server.

This is exactly what I thought it was saying. Basically "We don't know how best to secure Samba, so just turn it off". I just couldn't fathom it would more or less mean that. Thanks.

--
--
James


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba