Ads
NAS 啲 vendor 升級密唔密
用緊西部數碼
NAS 啲 vendor 升級密唔密
用緊西部數碼
你部NAS係真IP定響firewall後面?firewall有無Samba port forwarding?
如果響firewall 後,firewall有無forwarding應該安全。不過我識有人屋企部NAS駁出街睇相,但無知到係乜protocol。我自己部router行Linux但一年以上無得update,不過我Samba無開到。
Ads
NAS 啲 vendor 升級密唔密
用緊西部數碼
你部NAS係真IP定響firewall後面?firewall有無Samba port forwarding?
如果響firewall 後,firewall有無forwarding應該安全。不過我識有人屋企部NAS駁出街睇相,但無知到係乜protocol。我自己部router行Linux但一年以上無得update,不過我Samba無開到。
behind firewall, through NAT i think. not sure what ports they use, but i occasionally use the included app to access files there. I probably have uPNP turned on on the router
Mitigation:
Any of the following:
1. SELinux is enabled by default and our default policy prevents loading of modules from outside
of samba's module directories and therefore blocks the exploit
2. Mount the filessytem which is used by samba for its writeable share, using "noexec" option.
3. Add the parameter:
nt pipe support = no
to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing
any named pipe endpoints. Note this can disable some expected functionality for Windows clients.
Mitigation:
Any of the following:
1. SELinux is enabled by default and our default policy prevents loading of modules from outside
of samba's module directories and therefore blocks the exploit
2. Mount the filessytem which is used by samba for its writeable share, using "noexec" option.
3. Add the parameter:
nt pipe support = no
to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing
any named pipe endpoints. Note this can disable some expected functionality for Windows clients.
即係 sambacry 係 windows client 導致 ?
Mitigation:
Any of the following:
1. SELinux is enabled by default and our default policy prevents loading of modules from outside
of samba's module directories and therefore blocks the exploit
2. Mount the filessytem which is used by samba for its writeable share, using "noexec" option.
3. Add the parameter:
nt pipe support = no
to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing
any named pipe endpoints. Note this can disable some expected functionality for Windows clients.
即係 sambacry 係 windows client 導致 ?
......
唔識英文定唔知咩係SMB
NAS 啲 vendor 升級密唔密
用緊西部數碼
你部NAS係真IP定響firewall後面?firewall有無Samba port forwarding?
如果響firewall 後,firewall有無forwarding應該安全。不過我識有人屋企部NAS駁出街睇相,但無知到係乜protocol。我自己部router行Linux但一年以上無得update,不過我Samba無開到。
behind firewall, through NAT i think. not sure what ports they use, but i occasionally use the included app to access files there. I probably have uPNP turned on on the router
Run this test at home behind firewall.
http://www.t1shopper.com/tools/port-scan/
Ads
今次到 #Samba (Linux 上嘅 SMB share server) 有遙距攻擊漏洞,Exploit code 已流通,不禁令人擔心類似 #WannaCry 同 #EternalBlue 相關嘅攻擊今次會針對 Linux-based 系統。如果攻擊成功,除咗有機會中 Ransomware 外,仲可能偷或修改到部機入面嘅資料
https://www.facebook.com/InfoSecOnGround/posts/716393495206994
#NAS 高危!
Btw 跟據小編尋晚收集嘅資料,攻擊條件可能包括有 writable share / pipe,未必係人都得,但值得大家留意一下。
詳情:https://www.samba.org/samba/security/CVE-2017-7494.html