MarketServer Message Block
Company Profile

Server Message Block

Server Message Block (SMB) is a communication protocol used to share files, printers, serial ports, and miscellaneous communications between nodes on a network. On Windows, the SMB implementation consists of two vaguely named Windows services: "Server" and "Workstation". It uses NTLM or Kerberos protocols for user authentication. It also provides an authenticated inter-process communication (IPC) mechanism.

Features
Server Message Block (SMB) enables file sharing, printer sharing, network browsing, and inter-process communication (through named pipes) over a computer network. SMB serves as the basis for Microsoft's Distributed File System implementation. SMB relies on the TCP and IP protocols for transport. This combination allows file sharing over complex, interconnected networks, including the public Internet. The SMB server component uses TCP port 445. SMB originally operated on NetBIOS over IEEE 802.2 - NetBIOS Frames or NBF - and over IPX/SPX, and later on NetBIOS over TCP/IP (NetBT), but Microsoft has since deprecated these protocols. On NetBT, the server component uses three TCP or UDP ports: 137 (NETBIOS Name Service), 138 (NETBIOS Datagram Service), and 139 (NETBIOS Session Service). In Microsoft Windows, two Windows services implement SMB. The "Server" service (ID: LanmanServer) is in charge of serving shared resources. The "Workstation" service (ID: LanmanWorkstation) maintains the computer name and helps access shared resources on other computers. SMB signing may be configured individually for incoming SMB connections (by the "LanmanServer" service) and outgoing SMB connections (by the "LanmanWorkstation" service). The default setting for Windows domain controllers running Windows Server 2003 and later is to not allow unsigned incoming connections. As such, earlier versions of Windows that do not support SMB signing from the get-go (including Windows 9x) cannot connect to a Windows Server 2003 domain controller. Unlike traditional locks, opportunistic lock (OpLocks) are not strictly file locking or used to provide mutual exclusion. There are four types of opportunistic locks. ; Batch Locks: Batch OpLocks were created originally to support a particular behavior of DOS batch file execution operation in which the file is opened and closed many times in a short period, which is a performance problem. To solve this, a client may ask for an OpLock of type "batch". In this case, the client delays sending the close request and if a subsequent open request is given, the two requests cancel each other. ; Level-1 OpLocks / Exclusive Locks: When an application opens in "shared mode" a file hosted on an SMB server which is not opened by any other process (or other clients) the client receives an exclusive OpLock from the server. This means that the client may now assume that it is the only process with access to this particular file, and the client may now cache all changes to the file before committing it to the server. This is a performance improvement, since fewer round-trips are required in order to read and write to the file. If another client/process tries to open the same file, the server sends a message to the client (called a break or revocation) which invalidates the exclusive lock previously given to the client. The client then flushes all changes to the file. ; Level-2 OpLocks: If an exclusive OpLock is held by a client and a locked file is opened by a third party, the client has to relinquish its exclusive OpLock to allow the other client's write/read access. A client may then receive a "Level 2 OpLock" from the server. A Level 2 OpLock allows the caching of read requests but excludes write caching. ; Filter OpLocks: Added in Windows NT 4.0, Filter Oplocks are similar to Level 2 OpLocks but prevent sharing-mode violations between file open and lock reception. Microsoft advises use of Filter OpLocks only where it is important to allow multiple readers and Level 2 OpLocks in other circumstances. Clients holding an OpLock do not really hold a lock on the file, instead they are notified via a break when another client wants to access the file in a way inconsistent with their lock. The other client's request is held up while the break is being processed. ; Breaks: In contrast with the SMB protocol's "standard" behavior, a break request may be sent from server to client. It informs the client that an OpLock is no longer valid. This happens, for example, when another client wishes to open a file in a way that invalidates the OpLock. The first client is then sent an OpLock break and required to send all its local changes (in case of batch or exclusive OpLocks), if any, and acknowledge the OpLock break. Upon this acknowledgment the server can reply to the second client in a consistent manner. Performance The use of the SMB protocol has often correlated with a significant increase in broadcast traffic on a network. However the SMB itself does not use broadcasts—the broadcast problems commonly associated with SMB actually originate with the NetBIOS service location protocol. By default, a Microsoft Windows NT 4.0 server used NetBIOS to advertise and locate services. NetBIOS functions by broadcasting services available on a particular host at regular intervals. While this usually makes for an acceptable default in a network with a smaller number of hosts, increased broadcast traffic can cause problems as the number of hosts on the network increases. The implementation of name resolution infrastructure in the form of Windows Internet Naming Service (WINS) or Domain Name System (DNS) resolves this problem. WINS was a proprietary implementation used with Windows NT 4.0 networks, but brought about its own issues and complexities in the design and maintenance of a Microsoft network. Since the release of Windows 2000, the use of WINS for name resolution has been deprecated by Microsoft, with hierarchical Dynamic DNS now configured as the default name resolution protocol for all Windows operating systems. Resolution of (short) NetBIOS names by DNS requires that a DNS client expand short names, usually by appending a connection-specific DNS suffix to its DNS lookup queries. WINS can still be configured on clients as a secondary name resolution protocol for interoperability with legacy Windows environments and applications. Further, Microsoft DNS servers can forward name resolution requests to legacy WINS servers in order to support name resolution integration with legacy (pre-Windows 2000) environments that do not support DNS. Network designers have found that latency has a significant impact on the performance of the SMB 1.0 protocol, that it performs more poorly than other protocols like FTP. Monitoring reveals a high degree of "chattiness" and a disregard of network latency between hosts. For example, a VPN connection over the Internet will often introduce network latency. Microsoft has explained that performance issues come about primarily because SMB 1.0 is a block-level rather than a streaming protocol, that was originally designed for small LANs; it has a block size that is limited to 64K, SMB signing creates an additional overhead and the TCP window size is not optimized for WAN links. Solutions to this problem include the updated SMB 2.0 protocol, Offline Files, TCP window scaling and WAN optimization devices from various network vendors that cache and optimize SMB 1.0 and 2.0. == History ==
History
SMB 1.0 Barry Feigenbaum originally designed SMB at IBM in early 1983 with the aim of turning DOS INT 21h local file access into a networked file system. Microsoft made considerable modifications to the most commonly used version and included SMB support in the LAN Manager operating system it had started developing for OS/2 with 3Com around 1990. Microsoft continued to add features to the protocol in Windows for Workgroups () and in later versions of Windows. LAN Manager authentication was implemented based on the original legacy SMB specification's requirement to use IBM "LAN Manager" passwords, but implemented DES in a flawed manner that allowed passwords to be cracked. Later, Kerberos authentication was also added. The Windows domain logon protocols initially used 40-bit encryption outside of the United States, because of export restrictions on stronger 128-bit encryption (subsequently lifted in 1996 when President Bill Clinton signed ). SMB 1.0 (or SMB1) was originally designed to run on NetBIOS Frames (NetBIOS over IEEE 802.2). Since then, it has been adapted to NetBIOS over IPX/SPX (NBX), and NetBIOS over TCP/IP (NetBT). Also, since Windows 2000, SMB runs on TCP using TCP port 445, a feature known as "direct host SMB". There is still a thin layer (similar to the Session Message packet of NetBT's Session Service) between SMB and TCP. Microsoft marked SMB1 as deprecated in June 2013. Windows Server 2016 and Windows 10 version 1709 do not have SMB1 installed by default. CIFS In 1996, when Sun Microsystems announced WebNFS, Microsoft launched an initiative to rename SMB to Common Internet File System (CIFS) These submissions have since expired. SMB 2.0 Microsoft introduced a new version of the protocol (SMB 2.0 or SMB2) in 2006 with Windows Vista and Windows Server 2008. Although the protocol is proprietary, its specification has been published to allow other systems to interoperate with Microsoft operating systems that use the new protocol. SMB2 reduces the 'chattiness' of the SMB 1.0 protocol by reducing the number of commands and subcommands from over a hundred to just nineteen. Samba 3.6 fully supports SMB2, except the modification of user quotas using the Windows quota management tools. When SMB2 was introduced it brought a number of benefits over SMB1 for third party implementers of SMB protocols. SMB1, originally designed by IBM, was reverse engineered, and later became part of a wide variety of non-Windows operating systems such as Xenix, OS/2 and VMS (Pathworks). X/Open standardized it partially; Microsoft had submitted Internet-Drafts describing SMB2 to the IETF, partly in response to formal IETF standardization of version 4 of the Network File System in December 2000 as IETF RFC 3010; however, those SMB-related Internet-Drafts expired without achieving any IETF standards-track approval or any other IETF endorsement. (See http://ubiqx.org/cifs/Intro.html for historical detail.) SMB2 is also a relatively clean break with the past. Microsoft's SMB1 code has to work with a large variety of SMB clients and servers. SMB1 features many versions of information for commands (selecting what structure to return for a particular request) because features such as Unicode support were retro-fitted at a later date. SMB2 involves significantly reduced compatibility-testing for implementers of the protocol. SMB2 code has considerably less complexity since far less variability exists (for example, non-Unicode code paths become redundant as SMB2 requires Unicode support). Apple migrated to SMB2 (from their own Apple Filing Protocol, now legacy) starting with OS X 10.9 "Mavericks". This transition was fraught with compatibility problems though. Non-default support for SMB2 appeared in fact in OS X 10.7, when Apple abandoned Samba in favor of its own SMB implementation called SMBX The Linux kernel's CIFS client file system has SMB2 support since version 3.7. SMB 2.1 SMB 2.1, introduced with Windows 7 and Server 2008 R2, introduced minor performance enhancements with a new opportunistic locking mechanism. SMB 3.0 SMB 3.0 (previously named SMB 2.2) was introduced with Windows 8 notably in virtualized data centers: • the SMB Direct Protocol (SMB over remote direct memory access [RDMA]) • SMB Multichannel (multiple connections per SMB session), • SMB Transparent Failover It also introduces several security enhancements, such as end-to-end encryption and a new AES based signing algorithm. SMB 3.0.2 SMB 3.0.2 (known as 3.02 at the time) was introduced with Windows 8.1 and Windows Server 2012 R2; in those and later releases, the earlier SMB version 1 can be optionally disabled to increase security. SMB 3.1.1 SMB 3.1.1 was introduced with Windows 10 and Windows Server 2016. This version supports AES-128 GCM encryption in addition to AES-128 CCM encryption added in SMB3, and implements pre-authentication integrity check using SHA-512 hash. SMB 3.1.1 also makes secure negotiation mandatory when connecting to clients using SMB versions that support it. == Specifications ==
Specifications
The specifications for the SMB are proprietary and were initially closed, thereby forcing other vendors and projects to reverse-engineer the protocol to interoperate with it. The SMB 1.0 protocol was eventually published some time after it was reverse engineered, whereas the SMB 2.0 protocol was made available from Microsoft's Open Specifications Developer Center from the outset. == Third-party implementations ==
Third-party implementations
Samba In 1991, Andrew Tridgell started the development of Samba, a free-software re-implementation (using reverse engineering) of the SMB/CIFS networking protocol for Unix-like systems, initially to implement an SMB server to allow PC clients running the DEC Pathworks client to access files on SunOS machines. Because of the importance of the SMB protocol in interacting with the widespread Microsoft Windows platform, Samba became a popular free software implementation of a compatible SMB client and server to allow non-Windows operating systems, such as Unix-like operating systems, to interoperate with Windows. As of version 3 (2003), Samba provides file and print services for Microsoft Windows clients and can integrate with a Windows NT 4.0 server domain, either as a Primary Domain Controller (PDC) or as a domain member. Samba4 installations can act as an Active Directory domain controller or member server, at Windows 2008 domain and forest functional levels. Package managers in Linux distributions can search for the cifs-utils package. The package is from the Samba maintainers. Netsmb NSMB (Netsmb and SMBFS) is a family of in-kernel SMB client implementations in BSD operating systems. It was first contributed to FreeBSD 4.4 by Boris Popov, and is now found in a wide range of other BSD systems including NetBSD and macOS. The implementations have diverged significantly ever since. The macOS version of NSMB is notable for its now-common scheme of representing symlinks. This "Minshall-French" format shows symlinks as textual files with a extension and a magic number, always 1067 bytes long. This format is also used for storing symlinks on native SMB servers or unsupported filesystems. Samba supports this format with an option. Docker on Windows also seems to use it. NQ NQ is a family of portable SMB client and server implementations developed by Visuality Systems. The NQ family comprises an embedded SMB stack (written in C), a Pure Java SMB Client, and a storage SMB server implementation. All versions support the SMB 3.1.1 dialect. They support Linux, Windows CE, iOS, Android, VxWorks and other operating systems. MoSMB MoSMB is a user space SMB implementation for Linux. It supports SMB 2.x and SMB 3.x. Key features include Cloud-scale Active-Active Scale-out Clusters, SMB Direct (RDMA), SMB Multichannel, Transparent Failover and Continuous Availability. MoSMB also supports Amazon S3 object storage as storage backend in addition to POSIX file systems such as ext4, ZFS, Lustre, Ceph, etc. Fusion File Share by Tuxera Fusion File Share by Tuxera is a proprietary SMB server implementation developed by Tuxera that can be run either in kernel or user space. It supports SMB 3.1.1 and all previous versions, additionally advanced SMB features like continuous availability (persistent handles) scale-out, RDMA (SMB Direct), SMB multichannel, transparent compression, shadow copy. Likewise Likewise developed a CIFS/SMB implementation (versions 1.0, 2.0, 2.1 and SMB 3.0) in 2009 that provided a multiprotocol, identity-aware platform for network access to files used in OEM storage products built on Linux/Unix based devices. The platform could be used for traditional NAS, Cloud Gateway, and Cloud Caching devices for providing secure access to files across a network. Likewise was purchased by EMC Isilon in 2012. KSMBD KSMBD is an open source in-kernel CIFS/SMB server implementation for the Linux kernel. Compared to user-space implementations, it provides better performance and makes it easier to implement some features such as SMB Direct. It supports SMB 3.1.1 and previous versions. == Security ==
Security
Over the years, there have been many security vulnerabilities in Microsoft's implementation of the protocol or components on which it directly relies. Other vendors' security vulnerabilities lie primarily in a lack of support for newer authentication protocols like NTLMv2 and Kerberos in favor of protocols like NTLMv1, LanMan, or plaintext passwords. Real-time attack tracking shows that SMB is one of the primary attack vectors for intrusion attempts, for example the 2014 Sony Pictures attack and the WannaCry ransomware attack of 2017. In 2020, two SMB high-severity vulnerabilities were disclosed and dubbed as SMBGhost (CVE-2020-0796) and SMBleed (CVE-2020-1206), which when chained together can provide remote code execution (RCE) privilege to the attacker. == See also ==
Source: Wikipedia ↗
tickerdossier.comtickerdossier.substack.com