Question about Samba Security

Gerald (Jerry) Carter jerry at
Thu Nov 29 16:02:06 GMT 2007



> I am the resident IT guy at a small, but growing company. I set up Samba
> (most recent version) on a FreeBSD 6.1 server which everyone in the
> company now uses to store personal and shared files. It's great. We have
> a few employees who work outside of the office though, and I want them
> to be able to access the same filesystem somehow. I am thinking about
> setting up our router to forward port 139 so that our outside employees
> can access the Samba server (so long as they have the IP of our router,
> which is static). But I have security concerns in doing this. Is this
> risk of being attacked/hacked over port 139 very high? 

It's never recommended to put a CIFS file server (from any vendor)
outside the firewall.

> Is Samba as vulnerable to attacks over port 139 as an actual 
> Windows server is?

There are several weaknesses in the protocol itself.  Recent
protocol improvements can alleviate this, but in general
CIFS is a very broad protocol that requires large amounts
of parsing.

> If so, can someone recommend another solution? Setting up 
> a VPN is a project that I don't have time to get involved
> with. Please reply to my email: dave at

Best to invest the time in a VPN though.  That's the recommended

cheers, jerry
--
Samba                                    -------
Centeris                         -----------
"What man is a man who does not make the world better?"      --Balian


More information about the samba-technical mailing list