HTTP and SMB 1

[Nosferatu]

First of all, I was not sure in which forum should I post this, so here I am.

My question is related to the HTTP and SMB protocols and it is very simple:

Do theSE protocols communicate? That is, do SMB shares are avaiable over the HTTP? If yes, how and at which level? Is a SMB share transformed into an URL by the OS and accessible that way?
This does not sound right to me but some people seem to indicate that's what's happening.

Can anybody enlight me on this? [red]Nosferatu[/red]
We are what we eat...
There's no such thing as free meal...
once stated: methane@personal.ro

 

[sleipnir214]

SMB and HTTP are completely unrelated protocols.

Only the intevention of a piece of softare such as a web server can make SMB shares available under HTTP.

______________________________________________________________________
TANSTAAFL!

 

[fluid11]

sleiprir is correct, but you can use a web browser to view these shares. Open up a browser and type \\server\share, filling in the appropriate server name and share name.


ChrisP

 

[Nosferatu]

You can use it just because of the intervention of the application, which is transparent to the user. The web browser is just an explorer window, it hasn't much to do with the HTTP...
You can go to root:/ or c:\ if you want with a web browser; it's the same thing. [red]Nosferatu[/red]
We are what we eat...
There's no such thing as free meal...
once stated: methane@personal.ro

 

[fluid11]

Right, but you don't have to mount or map any drives when viewing shares this way.


ChrisP

 

[sleipnir214]

Keep in mind, that only works (if your firewall's administrator is worth his pay) within the local network.

If you have shares available to the world, you are in a nine line bind. ______________________________________________________________________
TANSTAAFL!

 

[Nosferatu]

Could you give me an example of how a shared resource over SMB can be exploited?
Aren't there any authentication protocols to prevent that from happening? [red]Nosferatu[/red]
We are what we eat...
There's no such thing as free meal...
once stated: methane@personal.ro

 

[fluid11]

SMB is an extremely insecure protocol. You can do a google search and find tons of script-kiddie SMB exploit tools.

http://rr.sans.org/win/SMB.php

ChrisP

 

[Nosferatu]

A star for you, Chris...
But this does not catalogate the SMB protocol as being EXTREMELY insecure, in my oppinion.
Seems to me to be more like... work in progress or something.
Being an exploit of a backward compatibility feature (NTLM auth), I'm sure it will go away in some time soon. Of course, nobody sais that no other exploits will pop up (and indeed, I did not perform any Google searches as advised). [red]Nosferatu[/red]
We are what we eat...
There's no such thing as free meal...
once stated: methane@personal.ro

 

[sleipnir214]

Nosferatu,

A very good security rule of thumb is: Do not allow anyone access to anything that he doesn't need to access.

SMB can give you access to the entire hard-drive on Win32 systems. Win9x's security is primitive in the extreme, and WinNT, W2K, and WinXP all include the "C$" administrative share, which maps to the root of your c-drive and cannot be turned off.

Also, SMB requires access to a machine's RPC portmapper port, which is one a very vulnerable port. ______________________________________________________________________
TANSTAAFL!

 

[Nosferatu]

So, something like setting up an network distributed archive (that presumes the existance of confidential data) which would allow SMB access would be somewhat suicidal?

However... I understand the Man in the middle attack type and so, but how would someone gain access to the hard drive (C$), if remote administrative options would be disabled and no clients would be granted execute rights on the server (I presume that the Trojan horses described in the article pointed by Chris would be based on the man in the middle attack, followed by chaos).

Am I being naive here? [red]Nosferatu[/red]
We are what we eat...
There's no such thing as free meal...
once stated: methane@personal.ro

 

[sleipnir214]

Nosferatu,

You're the one with confidential data to protect. That means the burden of proof is on you. So let me ask you...Do you know as an undeniable fact that if you turn off remote administration and remove client execution privileges, that SMB is safe to use as a transmission protocol for confidential data over the open internet? ______________________________________________________________________
TANSTAAFL!

 

[Nosferatu]

The data transmission, packing and encoding is a whole other problem, somewhat separated from the attacks issue, isn't it?
Of course, the core of the problem is essentially the same - a third uninvited party assisting to a certain delicate conversation.
But encoding/decoding the data being sent can be a problem that lies on the programmers' side, the one developing the product. There are means to encode the data being sent, proprietary or not.

However, the effort does not worth if the underlying transport protocol is willing to give away passwords to B-( strangers. And the programmer using that protocol just cannot do anything about it!


[red]Nosferatu[/red]
We are what we eat...
There's no such thing as free meal...
once stated: methane@personal.ro