
SMB3 signatures

I have only Windows Server 2016 and 10 machines on my network. I have enabled SMB3 encryption on all the servers that have file shares on them and I have configured SMB Digitally Signing to Required for all the machines in the domain. I would like to find out if my SMB connections are digitally signed. I used Wireshark to capture a connection between my Windows 10 1709 machine and Windows Server 2016 file share.

I can't attach a screenshot but in the "Negotiate Protocol Response" packet it shows the "Signature" under SMB2 Header as 00000000000000000000000000000000 so I assume SMB digitally signing isn't working?

The weird thing is, if I open an "Encrypted SMB3" packet and expand the SMB2 Transform Header I can see a Signature option which says: ee51ab3d9aa14b72cb8df4302b582167

So is SMB3 digitally signing working or not?

xy456
asked 2018-04-22 20:17:52 +0000
cmaynard
updated 2018-10-26 17:27:22 +0000

1 Answer


Hello

SMB3 supports signing. The key is negotiated during the Session Setup phase. You should see the first signature in the Session Setup Response.

SMB (including SMB2 and SMB3) can only use signing if both sides support this option. The Session Setup Response is the first opportunity to do this.

SMB encryption is enabled on a per-share basis. Hence the first messages of the SMB connection will be exchanged in plain text. Once a Tree Connect has completed, all following traffic will be encrypted and signed.

SMB3 digital signatures work as desired.

Happy sniffing

Eddi
answered 2018-05-01 16:26:04 +0000
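
The following added example is not part of the original thread or of Wireshark. It parses the two header types discussed above (the 64-byte SMB2 header and the 52-byte SMB2 Transform Header) and reports whether each message carries a signature, showing why an all-zero signature on the Negotiate Response is consistent with a signed Session Setup Response and signed encrypted traffic. The function names and all sample bytes are constructed for illustration, except the transform signature, which is the value quoted in the question.

```python
import struct

SMB2_FLAGS_SIGNED = 0x00000008  # SMB2 header Flags bit: message carries a signature
COMMANDS = {0x0000: "NEGOTIATE", 0x0001: "SESSION_SETUP", 0x0003: "TREE_CONNECT"}

def classify(msg: bytes) -> dict:
    """Describe the integrity protection of one SMB2/3 message (no 4-byte transport prefix)."""
    if msg[:4] == b"\xfdSMB":  # Transform header (52 bytes): payload is encrypted
        if len(msg) < 52:
            raise ValueError("truncated SMB2 transform header")
        sig, _nonce, _orig_size, _rsvd, _flags, session = struct.unpack_from("<16s16sIHHQ", msg, 4)
        return {"header": "transform", "command": None, "protected": True,
                "signature": sig.hex(), "session_id": session}
    if msg[:4] == b"\xfeSMB":  # Plain SMB2 header (64 bytes)
        if len(msg) < 64:
            raise ValueError("truncated SMB2 header")
        (_size, _charge, _status, command, _credits, flags, _next, _msg_id,
         _tree_or_async, session, sig) = struct.unpack_from("<HHIHHIIQQQ16s", msg, 4)
        signed = bool(flags & SMB2_FLAGS_SIGNED)
        return {"header": "smb2", "command": COMMANDS.get(command, hex(command)),
                "protected": signed and any(sig), "signature": sig.hex(), "session_id": session}
    raise ValueError("not an SMB2/SMB3 message")

def sample_smb2(command: int, flags: int, session: int, sig: bytes) -> bytes:
    """Build a constructed 64-byte SMB2 header for the demo (no command body)."""
    return b"\xfeSMB" + struct.pack("<HHIHHIIQQQ16s", 64, 0, 0, command, 1, flags, 0, 0, 0, session, sig)

def sample_transform(session: int, sig: bytes) -> bytes:
    """Build a constructed 52-byte transform header (encrypted payload omitted)."""
    return b"\xfdSMB" + struct.pack("<16s16sIHHQ", sig, bytes(16), 0, 0, 1, session)

# Constructed samples mirroring the capture in the question; only the transform
# signature is the value quoted there, everything else is made up.
SAMPLES = [
    sample_smb2(0x0000, 0x01, 0, bytes(16)),  # Negotiate Response: no session key yet
    sample_smb2(0x0001, 0x01 | SMB2_FLAGS_SIGNED, 0x1234, bytes(range(1, 17))),  # Session Setup Response
    sample_transform(0x1234, bytes.fromhex("ee51ab3d9aa14b72cb8df4302b582167")),
]

if __name__ == "__main__":
    for message in SAMPLES:
        print(classify(message))
```

In the transform header the Signature field is the authentication tag produced by the AEAD cipher over the encrypted message, so its presence covers integrity as well as confidentiality.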