gskortz
asked on
SMB Fails Windows VM Public IP
Windows UNC (SMB) fails across the public network. SMB works inside VM, i.e. 192.168.1.104 from/to 192.168.1.108; however, when trying the same mount from inside our office to the vCloud environment, the mount fails. Wireshark shows the 445 packets never arrive, and Windows moves on to port 80, which does not work, nor is it expected to. The vCloud firewall has an any/any permit rule, and Wireshark shows the traffic leaving the office network.
F.y.i. SMB has SO many attack vectors it is near IMPOSSIBLE to set up a secure SMB environment.
And if the SMB protocol is not vulnerable as such (did you verify that?) then the assumptions on which it is used are mostly flawed, as the usage was meant for restricted LAN environments, so all kinds of other tools & libraries are bordering the SMB service, causing other security holes.
So it isn't exactly "Security" for the masses that is the policy here. Remember the outbreak of NotPetya, that was related to SMB weaknesses.
Last week a biggie was fixed in the SMB protocol.
ASKER
Thanks for your input. I appreciate your comments; however, there are very specific protections in place, including input source and destination IP addresses for the 445 traffic. We understand how to provide alternative solutions, including an IPsec VLAN and potentially port forwarding. My job was to determine a list of alternatives, which would include reassignment of the SMB port if possible. Hence my question.
ok good luck.