Azure users told they're not WannaCrypt-proof Microsoft Windows users already know what to do to defeat WannaCrypt (unless they've been asleep for a week). Now the company's published its advice for its Azure customers. Since there aren't any surprises in Microsoft's note for Azure users, Vulture South suspects this is a prod for people who are slow to respond or …
If you read the MS advisory you get this statement "Warning: We do not recommend that you disable SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting measure. Do not leave SMBv2 or SMBv3 disabled." followed by a list of side-effects of disabling SMB V2 & V3. Including stuff that you wonder just WTF is the deep-set interaction of file serving and other networking or services on Windows boxes? Like large MTUs for 10G Ethernet, symbolic links, etc.
Oh well, I guess its not long until systemd has this for Linux...
You read it the wrong way - when they mean large MTUs they mean by SMB itself. IF SMBv1 is unaware it can use larger MTUs and so its packets are always smaller, it won't ever attempt to pack data into a larger packet to take advantage of it:
"Large MTU support
One design goal for the SMB 2.1 protocol implementation in Windows Server 2008 R2 and Windows 7 was to achieve better performance for 10-gigabit Ethernet (very high speed/low latency) networks. This has been achieved with a new feature called ”Large MTU,” or ”multi-credit” operations. The maximum transmission unit (MTU) is the size (in bytes) of the largest protocol data unit that a communication protocol can pass across the network. In SMB 2.1 this maximum data unit was increased from 64 kilobytes (KB) to 1 megabyte (MB). This allows customers with 10-gigabit Ethernet networks to better realize the capabilities of that network. Tasks such as copying large files are dramatically improved with this capability."
Disable SMBv2 or SMBv3 only as a temporary troubleshooting measure .. disabling SMBv2 deactivates the following functionality:
01 Request compounding - allows for sending multiple SMB 2 requests as a single network request
02 Larger reads and writes - better use of faster networks
03 Caching of folder and file properties - clients keep local copies of folders and files
04 Durable handles - allow for connection to transparently reconnect to the server if there is a temporary disconnection
05 Improved message signing - HMAC SHA-256 replaces MD5 as hashing algorithm
06 Improved scalability for file sharing - number of users, shares, and open files per server greatly increased
07 Support for symbolic links
08 Client oplock leasing model - limits the data transferred between the client and server, improving performance on high-latency networks and increasing SMB server scalability
09 Large MTU support - for full use of 10-gigabye (GB) Ethernet
10 Improved energy efficiency - clients that have open files to a server can sleep
11 Transparent Failover - clients reconnect without interruption to cluster nodes during maintenance or failover
12 Scale Out – concurrent access to shared data on all file cluster nodes
13 Multichannel - aggregation of network bandwidth and fault tolerance if multiple paths are available between client and server
14 SMB Direct – adds RDMA networking support for very high performance, with low latency and low CPU utilization
15 Encryption – Provides end-to-end encryption and protects from eavesdropping on untrustworthy networks
16 Directory Leasing - Improves application response times in branch offices through caching
17 Performance Optimizations - optimizations for small random read/write I/O
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
