NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
SMB 1.0 (Given Wanna Cry)
Out of curiosity in the latest 6.7.1 firmware is SMB 1.0 disabled?
Can we control SMB so that it ONLY used 3.0 or 2.0-3.0 for example?
The Wanna Cry issue used an attack vendor to attack Windows machines that hadn't had a security update installed. Our NAS units don't run Windows.
The latest RAIDiator 4.1.x and RAIDiator-arm uses samba 3.5.x. The latest RAIDiator-x86 4.2.x uses samba 3.6.x
Experimental SMB2 support was added in samba 3.5.x, but really you should be using a newer version of samba to use it. 3.6 isn't much newer. I'd be wanting to use newer than that. To my knowledge we don't have any plans to update samba on these old OSes.
I think SMB2 support is turned off by default on all those models.
OS6 currently uses samba 4.4.x, a much newer samba series.
I've passed on the feature request to be able to disable SMB1 support from the GUI for OS6 devices.
I believe RAIDiator 4.x is limited to SMB v1. ReadyNAS OS 6.7 has SMB v3 support.
Interestingly it must support something other than SMB v1. I robooted the ReadyNas after enabling the NFS service, and just for laughs thought I'd try to see if I could access from explorer, and I can. I was expecting to have to enable NFS on WIN10, and as you can see from here, neither are enabled. Interesting.
I've tried disabling SMB1 on a W10 laptop and doing that causes ReadyNAS servers to dissappear from the Network Computers window. Turning it on makes everything show up nicely.
As much as I'd love to turn off SMB1, it doesn't look like you can simply do that w/o consequences.
The Wanna Cry issue used an attack vendor to attack Windows machines that hadn't had a security update installed. Our NAS units don't run Windows.
The latest RAIDiator 4.1.x and RAIDiator-arm uses samba 3.5.x. The latest RAIDiator-x86 4.2.x uses samba 3.6.x
Experimental SMB2 support was added in samba 3.5.x, but really you should be using a newer version of samba to use it. 3.6 isn't much newer. I'd be wanting to use newer than that. To my knowledge we don't have any plans to update samba on these old OSes.
I think SMB2 support is turned off by default on all those models.
OS6 currently uses samba 4.4.x, a much newer samba series.
I've passed on the feature request to be able to disable SMB1 support from the GUI for OS6 devices.
> The latest RAIDiator 4.1.x and RAIDiator-arm uses samba 3.5.x. The latest RAIDiator-x86 4.2.x uses samba 3.6.x
> To my knowledge we don't have any plans to update samba on these old OSes.
Give the recent CVE ( CVE-2017-7494 ) that appears wormable, it seems to me that Netgear SHOULD be patching any version of SMB 3.5 or higher, and it would be great if you did patch SMB2 or better support into these older devices (of which I have 6.)
https://isc.sans.edu/forums/diary/Critical+Vulnerability+in+Samba+from+350+onwards/22452/
If indeed you can't get to your ReadyNAS servers with SMB1 turned off, then you must have something else causing the problem.
An alternative, if you can't get thi to work, is to enable NFS on the ReadyNAS and on the WIN10 systems. Thats a better alternative than leaving SMB1 active. While the patched Windows systems are protected against the #Wannacry there is every likelyhood there will be derivatives.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
