WannaCry, SMB v1, . , Microsoft SMB 2016 . , : , SMB Sonos.
SMB (Server Message Block) – . \servername\sharename. NetBIOS, UDP 137, 138 TCP 137, 139. Windows 2000 , TCP 445. SMB Active Directory .
« » – named pipes. \.\pipe\name.
, CIFS (Common Internet File System), 1980- , Windows Vista, 2006. Windows 8. Microsoft Samba.
, , . . , , WannaCry.
| , | ||
| SMB 2.0 | Windows Vista/2008 | 100+ 19 |
| «» – | ||
| HMAC SHA256 MD5 | ||
| \ | ||
| SMB 2.1 | Windows 7/2008R2 | |
| MTU | ||
| BranchCache – , | ||
| SMB 3.0 | Windows 8/2012 | |
| (RDMA) | ||
| Powershell | ||
| VSS | ||
| AES–CMAC | ||
| AES–CCM | ||
| HyperV | ||
| Microsoft SQL | ||
| SMB 3.02 | Windows 8.1/2012R2 | |
| SMB 3.1.1 | Windows 10/2016 | AES–GCM |
| SHA512 | ||
| «» SMB 2.x |
, Get–SmbConnection:
Windows.
, , , . , , – . Windows Set–SmbServerConfiguration, :
Get–SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol
SMBv1 Windows 2012 R2.
Windows 2003.
, , . Windows XP 2003 SMB v1 ( NAS GNU\Linux, samba).
| Barracuda | SSL VPN | |
| Web Security Gateway backups | ||
| Canon | ||
| Cisco | WSA/WSAv | |
| WAAS | 5.0 | |
| F5 | RDP client gateway | |
| Microsoft Exchange Proxy | ||
| Forcepoint (Raytheon) | « » | |
| HPE | ArcSight Legacy Unified Connector | |
| IBM | NetServer | V7R2 |
| QRadar Vulnerability Manager | 7.2.x | |
| Lexmark | , | Firmware eSF 2.x eSF 3.x |
| Linux Kernel | CIFS | 2.5.42 3.5.x |
| McAfee | Web Gateway | |
| Microsoft | Windows | XP/2003 |
| MYOB | Accountants | |
| NetApp | ONTAP | 9.1 |
| NetGear | ReadyNAS | |
| Oracle | Solaris | 11.3 |
| Pulse Secure | PCS | 8.1R9/8.2R4 |
| PPS | 5.1R9/5.3R4 | |
| QNAP | 4.1 | |
| RedHat | RHEL | 7.2 |
| Ricoh | , | |
| RSA | Authentication Manager Server | |
| Samba | Samba | 3.5 |
| Sonos | ||
| Sophos | Sophos UTM | |
| Sophos XG firewall | ||
| Sophos Web Appliance | ||
| SUSE | SLES | 11 |
| Synology | Diskstation Manager | |
| Thomson Reuters | CS Professional Suite | |
| Tintri | Tintri OS, Tintri Global Center | |
| VMware | Vcenter | |
| ESXi | 6.0 | |
| Worldox | GX3 DMS | |
| Xerox | , | ConnectKey Firmware |
Microsoft, .
, , – SMB v1 .
-
, SMB v1 , , , . SMB Windows 8/2012 Powershell, Windows 7/2008 . Powershell:
Set–ItemProperty –Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 –Type DWORD –Value 0 –Force
. .
SMB v1 lanmanworkstation. :
sc.exe config lanmanworkstation depend=bowser/mrxsmb20/nsi sc.exe config mrxsmb10 start=disabled
, Group Policy Preferences. .
.
, :
: HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters;
: REG_DWORD c SMB1;
- : 0.
SMB v1 .
SMB v1 .
SMB v1:
: HKLM:\SYSTEM\CurrentControlSet\services\mrxsmb10;
: REG_DWORD c Start;
- : 4.
.
LanmanWorkstation, SMB v1:
: HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation;
: REG_MULTI_SZ DependOnService;
- : – Bowser, MRxSmb20 NSI.
.
. SMB v1 .
–
, SMB ? ?