question

BrcoBrem-7045 avatar image
0 Votes"
BrcoBrem-7045 asked BrcoBrem-7045 answered

LAN only SMB 1.0/CIFS ok?

Hi,

I'm working on a old 3rd party app installed on a Win10 Pro machine that requires SMB 1.0/CIFS (aka simply "SMB" in this thread) to read data from a USB stick that resides in a router.

Question 1 : If I enable SMB in Win10, but don't specifically open SMB ports on the router (ie. port forwarding to the Win10's static IP) to allow traffic to enter from the WAN, is the Win10 Pro PC relatively safe with this setup?

Additionally, for extra safety on that Win10 PC, I could also create/modify a Win10 firewall rule for SMB and limit the scope to just the router's IP (where the USB stick resides). I'd do that just in case some other PC on the same LAN subnet enables SMB for nefarious purposes to try to access the Win10 PC.
Question 2 : Would this firewall rule be necessary or even advised?

Although not the topic of this thread please, one possible pitfall here involves hackers using UPnP to open ports on routers. If interested in those details, see here
[hackers-are-opening-smb-ports-on-routers-so-they-can-infect-pcs-with-nsa-malware][1]
Btw, I have already disabled UPnP on the router.

I appreciate your thoughts and comments on the two questions above.

Regards . . .

windows-10-network
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Just want to confirm the current situations.

Please feel free to let us know if you need further assistance.

0 Votes 0 ·

You could accept the useful reply as answer if you want to end this thread up.
If there is anything else we can do for you, please feel free to post in the forum.

0 Votes 0 ·
CandyLuo-MSFT avatar image
0 Votes"
CandyLuo-MSFT answered CandyLuo-MSFT edited

Hi ,

In theory, there is no problem with your configuration. But if there is a infected machine in your LAN and SMB v1 is enabled on those PCs, then it will infect all PCs enabled SMB V1 on your local network within a few minutes.

Best Regards,
Candy


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

BrcoBrem-7045 avatar image
0 Votes"
BrcoBrem-7045 answered CandyLuo-MSFT commented

Hi Candy,

I couple days ago I replied with more information, but today I see that reply is not here. When I first accessed this thread today (not yet logged into the site), there was some kind of notice that said something like, "I previous version has been saved, do you want to use that version?" Since I had not logged into the site yet, I had no idea what that dialog was supposed to mean, so I said "no". Was that my missing reply? If so, can you get it restored? It was rather lengthy and detailed.

Please advise.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Yes, it seems your reply has missing. Please understand, I cannot restore the missing reply, I can only restore deleted reply.

0 Votes 0 ·
BrcoBrem-7045 avatar image
0 Votes"
BrcoBrem-7045 answered

He Cindy,
Thanks for reply. I will recreate the post when time allows.
Regards . . .

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.