
Re: Win2003 server/SMB -- key point: works v. works as configured



On Fri, 2004-12-31 at 08:41, Bryan J. Smith wrote:
> That's different.  There is a well documented change in how Windows
> Server 2003 handles the SMB handshake in violation of its own, published
> state diagram on the handshake.  In a nutshell, they now "skip a step." 
> Windows clients silently error but continue.  Samba marks it as an
> improper negotiation and a possible protocol/security issue.

This is the crux of my argument of Samba over native Windows SMB.

In many cases of Microsoft protocols, an improper handshake or negotiation
silently fails, is ignored, or otherwise negotiates/assumes another
connection.  It's extremely difficult to find these issues when you use
native Windows SMB servers.  Especially when a _lot_ of them are "false
security"/"marketing" features that just don't work as advertised.

Microsoft has regularly been guilty of disabling encryption, signatures,
password hashes, etc... when problems arise, but not failing.  In fact,
they've even been guilty of silently disabling features for performance
issues -- for benchmark purposes.  I've exposed a lot of these in
various postings (SMB, Exchange, etc...).

Only when you use a framegrabber like pcap (or a front-end that uses
it, like tcpdump or Ethereal) do you discover these details.

This "default" is common outside of SMB as well.  E.g., MS IE _still_
has an issue where it doesn't report that sub-frames aren't encrypted,
when the entire site is supposed to be.  Mozilla/Netscape do.  Many
companies that get calls from Mozilla/Netscape users who complain that
they are getting a "low-grade" or "no encryption" warning dismiss them
with "we don't support Mozilla/Netscape."

It's not until someone like myself comes in and tells them "you are
lacking encryption in one of the subframes on your site" that people
stop and go, "ohhh...."

So don't confuse "it just works" with "it works as configured."  ;->


-- 
Bryan J. Smith                                    b.j.smith@ieee.org 
-------------------------------------------------------------------- 
Subtotal Cost of Ownership (SCO) for Windows being less than Linux
Total Cost of Ownership (TCO) assumes experts for the former, costly
retraining for the latter, omitted "software assurance" costs in 
compatible desktop OS/apps for the former, no free/legacy reuse for
latter, and no basic security, patch or downtime comparison at all.
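Added example, not code from the post above: a parser for the SecurityMode byte of an SMB1 (NT LM 0.12) NEGOTIATE response, the kind of check you would run over frames captured with tcpdump to compare what the server actually negotiated (signing enabled/required, challenge-response passwords) with what it was configured to do. The field layout is the NT LM 0.12 negotiate response; the sample packets are constructed, and the audit function and its expectation flag are hypothetical.

```python
import struct

SMB_COM_NEGOTIATE = 0x72
# SecurityMode bits in the NT LM 0.12 negotiate response
SEC_USER_LEVEL = 0x01         # user-level (not share-level) security
SEC_ENCRYPT_PASSWORDS = 0x02  # challenge/response instead of plaintext passwords
SEC_SIGNING_ENABLED = 0x04    # server supports message signing
SEC_SIGNING_REQUIRED = 0x08   # server insists on message signing


def parse_negotiate_response(pkt: bytes) -> dict:
    """Decode the negotiated security settings from a raw SMB1 negotiate response."""
    if len(pkt) < 36 or pkt[:4] != b"\xffSMB":
        raise ValueError("not an SMB1 message")
    if pkt[4] != SMB_COM_NEGOTIATE:
        raise ValueError(f"not a NEGOTIATE response (command 0x{pkt[4]:02x})")
    # 32-byte fixed header, then WordCount, DialectIndex (LE16), SecurityMode
    word_count, dialect_index, security_mode = struct.unpack_from("<BHB", pkt, 32)
    if word_count != 17:
        raise ValueError(f"WordCount {word_count}, expected 17 for NT LM 0.12")
    return {
        "dialect_index": dialect_index,
        "user_level_security": bool(security_mode & SEC_USER_LEVEL),
        "challenge_response": bool(security_mode & SEC_ENCRYPT_PASSWORDS),
        "signing_enabled": bool(security_mode & SEC_SIGNING_ENABLED),
        "signing_required": bool(security_mode & SEC_SIGNING_REQUIRED),
    }


def audit_signing(pkt: bytes, signing_expected_required: bool) -> list:
    """List gaps between the configured intent and what went over the wire (hypothetical check)."""
    neg = parse_negotiate_response(pkt)
    findings = []
    if signing_expected_required and not neg["signing_required"]:
        findings.append("signing configured as required but not required on the wire")
    if not neg["signing_enabled"]:
        findings.append("signing not enabled by server")
    if not neg["challenge_response"]:
        findings.append("plaintext password exchange negotiated")
    return findings


def constructed_response(security_mode: int) -> bytes:
    """Build a minimal, constructed negotiate response carrying the given SecurityMode."""
    header = b"\xffSMB" + bytes([SMB_COM_NEGOTIATE]) + b"\x00" * 27   # 32 bytes
    words = struct.pack("<BHB", 17, 0, security_mode) + b"\x00" * 31  # 17 words, rest zeroed
    return header + words + b"\x00\x00"                               # ByteCount = 0
```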
