[Samba] Does WannaCry Ransmonware affect Samba?

lingpanda101 lingpanda101 at gmail.com
Thu May 18 12:43:37 UTC 2017


On 5/18/2017 8:32 AM, Rowland Penny wrote:
> On Thu, 18 May 2017 08:11:08 -0400
> lingpanda101 via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>>       Up till today I have only heard that it affects Windows clients
>> and Servers. However I received this today that sparked my question
>>
>> https://ics-cert.us-cert.gov/sites/default/files/FactSheets/ICS-CERT_FactSheet_WannaCry_Ransomware.pdf
>>
>> This suggests blocking port 445 for Samba specifically. First
>> wouldn't blocking port 445 break all file and printer sharing
>> functionality? Second isn't this port needed even by Windows for SMB?
>> I'm confused. Thanks.
>>
>>
> I think what they are trying to say is:
>
> Whilst wannacry will have no affect to a Samba server, if it is on a
> Samba share that you connect to, your Windows computer may get infected.
>
> The cure seems to be, turn off file sharing with the Samba server, it
> might as well have said 'Go to Samba server, identify the power lead
> and pull it out of the power socket' ;-)
>
> Rowland
>
>   

Didn't think about it from the standpoint of protecting Windows machines 
from malware residing on a Samba server.

This is exactly what I thought it was saying. Basically "We don't know 
how best to secure Samba, so just turn it off". I just couldn't fathom 
it would more or less mean that. Thanks.

-- 
--
James




More information about the samba mailing list