Re: US-Cert recommends disabling SMB1

All of lore.kernel.org
 help / color / mirror / Atom feed

From: L A Walsh <cifs-gT3AUAsYRbTYtjvyW6yDsg@public.gmane.org>
To: Sachin Prabhu <sprabhu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: linux-cifs <linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: US-Cert recommends disabling SMB1
Date: Tue, 17 Jan 2017 11:14:12 -0800	[thread overview]
Message-ID: <587E6D04.8010803@tlinx.org> (raw)
In-Reply-To: <1484670992.21675.2.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

Sachin Prabhu wrote:
> The following advisory was released by US-CERT.
>
> https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-B
> est-Practices
>   

Interesting since the KB articles they point out only tell how to disable
SMB SMB2 or SMB3, but not why you would do so.

Note, I have had to use SMB(1) on Windows7SP1 at times when I couldn't get
SMB2 to work.  Could the US-CERT people explain what the risk is in
using SMB1 on a closed (not exposed to the internet) network?

FWIW, I am running SMB2 now...

Sure wish I knew how to optimize it, as I have gotten 400-600MB/s
in past testing (don't know what SMB level it was), but am now only
getting ~ 200MB/s on SMB2.  SMB1 was in the low 100's for throughput.
(between Win7SP1 client and Samba-on-linux server).

next prev parent reply	other threads:[~2017-01-17 19:14 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-01-17 16:36 US-Cert recommends disabling SMB1 Sachin Prabhu
     [not found] ` <1484670992.21675.2.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-01-17 19:06   ` Steve French
2017-01-17 19:14   ` L A Walsh [this message]
     [not found]     ` <587E6D04.8010803-gT3AUAsYRbTYtjvyW6yDsg@public.gmane.org>
2017-01-17 19:18       ` Steve French

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=587E6D04.8010803@tlinx.org \
    --to=cifs-gt3auasyrbtytjvyw6ydsg@public.gmane.org \
    --cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=sprabhu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.