Web lists-archives.com

Re: [Samba] Does WannaCry Ransmonware affect Samba?




On 2017-05-18 14:11, lingpanda101 via samba wrote:
> Hello,
> 
>     Up till today I have only heard that it affects Windows clients and
> Servers. However I received this today that sparked my question
> 
> https://ics-cert.us-cert.gov/sites/default/files/FactSheets/ICS-CERT_FactSheet_WannaCry_Ransomware.pdf
> 
> 
> This suggests blocking port 445 for Samba specifically. 

Probably a typo/misunderstanding. 445 is for all SMB implementations.

> First wouldn't> blocking port 445 break all file and printer sharing functionality?
>
> Second isn't this port needed even by Windows for SMB? I'm confused.
> Thanks.

Yes to both. That's what the slight understatement "may cause
disruptions on systems that require port 445" means.

Samba in itself is not vulnerable to ETERNALBLUE, so it cannot be
infected by WannaCry.

However, vulnerable clients with write access to Samba shares can still
encrypt files on Samba shares and render them useless, so you should
still make sure you can detect ransomware attacks and make sure your
backups work.

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP sven.schwedas@xxxxxx | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba