Upload
mohameddiouane
NetBIOS and Samba security
!#"%$'&)(*(+-,/.0(1243658769;:6?>?,1+@
ACBED
76!91F
B6BHG
I
"!$#%'&(*)+!, -
.0/1 2435+)76 6*8:9;8:=?%'8@6*8A6*6*)+!, B
-DCE)GF,8:2H%I#8@6*J:&K%L)G JE#'8NM$OQP R
BSOQ!T 6U#8@V'2H6*6*8 R
W0XY8A6*&(L)+V*)+!,Z#'8V5+%'6 )78A%L6[V2H\]%'8A 6M$OQP ^
_4` Ibadcfe gihkjAlfm(lin?oKjYpKe jHekcqm(r?htsHh guvmxwAyHhlqg{z4|@} ```t``````````` ~
_4`Dd hkjAlflih!T" 2H*8:6 4.
` IhuvcioKlio4oxrhs4hjHe pKo(lfn?m(lin?oKjz4|@}QvjHhkpxuHcioKlb`t``````````` I"
`Sz:h*giginoxjYgihlfyHuEm(jvs ```t```````````t``````````` I
^ !T99;8:"8A "!,%FT8A%'Z9!vU#8V2H6*6 8M$OQP8:Z&x5+2H)+V24" )+#'%
LJ:6 8:2H%I2H57!vL6\]%=)+5#8AF]L2H)+8x L8E8A'&("]V' J :
D{=?24k*2H\]%'8
$d'
d y4lin?rn gfmLlin?oKjs4h{hkliHn?oxgeklfm(jAl n?jxlfnh Uh jAlr?n?eth ryvnHs4h{z4|@}(h cfmKuHu,oKcillfcfmKn lfh
h gfgfm(jAlin?hkr?rh hkjAl{s4hr?mgie kyHcinlieh j uHcfhknh cr?nh y khNwAyHhgioKjAlr?h guHcfo(lfo:koKr?h gzH|@} hkl z hlYrh yHcfg
oKjTlin?oKjvjHhkhkjAlqgHu,oKyvcvjHn?cvgiyHcyHjvhUn gihth je:n?sHhkjvkh
${
1
$$
Ehkm(cqwAyHhEhuHcfo(lfo4oKr?hz4|@} melfes4eKh roxuHuTeu,oKyvc
oKjTlin?oKjvjHhkcUgoxyvgKJUCz
+m.xh yHjuHcio4kh gfgh yHcK jAlih r
( h glu,oKyvcfwAyHoxndrh*g
[Figure: message exchange between Client and Server. Labels as extracted: SMB negprot response; NetBIOS session request (NetBIOS name); NetBIOS session authorized; SMB TconX request; SMB TconX response; SMB sessetupX request; SMB sessetupX response; SMB negprot request]
I
2
Q lfmKHr?n?gfgh hkjAls] yHjHh
9v`A{uHcf gtr mjHe pKo4n mLlfnoxjNs4huHcfo(lfo4oKr?h ,r?hkrn?hkjAluHcfo4 sHh%yHjvhUn s4h jxlfn ,kmLlfnoxj
hkjy4lin?r?n?gfmLlfhkyHc oxyUh juvm(cilfmKpKh yvgihkc n s4hkjAlinHT mLlin?oKj oKy ig1)Tm(cfh n s4h jxlfn ,kmLlfnoxj
gyHcUr?hgihkc,Khkyvc `Bh gUs4hkylG:u,h gUs] n?s4h jAlinHTkm(lin?oKj gihkcfoKjAlsHhlfmKnr?r?ekh gUsHmKjvg[yvj
*)vm(uHnlicfhgyHn Lm(jAl `
hllfhelfmKuThh*gl{cfe mKrn ge hpxcxhm(yuTmKwAyHhlqgs4hcih*wAyHlfh fz:h gfgfghkliyHuH z:h gfg0
ghkliyHuYuToxyHc fz:h gfginoxjYz:hkliyHuEm(jTs `
h
uTm(cilfm(pxekh s4ycfe0
gh*m(y`Ld y4lfnr?n?gfmLlfhkyHcdgihoKjvjHh lih r mcfh gfgoxyHcqh1 a;= J1n?gfwAyHh g6 uHcfnm(jAlfh gq
gn?uHrh hkjAlm.Kh*yHj;o(lUs4huvmxgigihK`d y4lin?rn gfmLlih yHcUuTh y4lklicfhj nu,oKcilihwAyHn
gyHcr?hcfe gih mKynr r?yHndgiyl
TCP header
SMB command header
DATA
SMB base header
NETBIOS header
!#"$%&('*),+-'./102"3)2452$'6"5&7$8):9
! #"$
%&
' !
()*+,-. +/021436547#"$
%
,-.
+89,:2. 89,:
289,:0;
2?,A@CBD =-E"'-5'=F5#GE03HI9=:
'-"'>
?5'-5E:JK -5E:J+L,77?M
&
()* =-; )-
()* =-0;
%
N,;
%
2-5E #5'$=-5'5'
2?-5E ,99!OPQL"5'
2IR5E =,J=-5",Q-$S5'
2
[
)HhHmKsHe n?m(r]wAyHn$ m(cqmKlfekcfn?gihr?hjHox {hklf} noAgk`
O
oKn nr?h guHcfn?jvn?uvm(r?h gLmKrh yHcfgwAyHhu,hky4l{uvcih jvs4cfhkhgh n n Uh8:6'!T96[%')7\]%8:6
2
mx*)Hn?jHhYd{x6ez:h cI:n h
2mx*)Hn?jHhYd{};Qe ApKh jxl{s4yoKjvn lfhkyHc{cfe gih mKyNz4|zH
2
mx*)Hn?jHhYd{} e z:h cIxhkyHc{z4|z
2
y4lin?rn gfmLlih yHcMd{ 96e yHlin?rn gim(lih yHc{oxjHjHh lier?o: m(r?hkhkjAl
>8:6'!T9;6U#'8 vL!,%$V8A6
2
jHoKgf{s4hUf{s4oKm(n?jHhUd{K6eZ{ox sHypKcfoKyvuThs oxcfs4n?jvm(lihkyvcfg m(yvwAyHh rTr m
'
Y
Y Y k
-
n 0 m(uHcf ggiyHn KhkjAlr?h goxmKjvs4h*gjHe kh gfgimKncfh gUy4lfnr?n?giekh*guvm(cyvjIkrn?hkjAls4e*gn?cfmKjAl
mK e*s4hkcyHjT*)Hn?hkc{giyHcyHjuvmKclqm(pKhz4|@} s4elfhkj:yuvm(cyHjEgihkc,Kh yHc
z4|@}f=Ct|!f{@QKCT*)Hn?hkc*`
z4|@}f=Ct|!f+E+QRA@J (r?hr?nh jAl
oKyHcfjHnl
2ZH=! =+,,I3H
'-"'>
Z8$T,! N 0#11
&
5$,9"'
&
5$,9"'),ETK@^D MM =991E$T.54=,'-5V=:
%&
5$,9"';@ D
h uvmKwAyHhkl'h*glhkj'Ko6GxeduvmKc'r?hr?nh jxlu,oKyHc s4oxjHjHhkc mKy[gh cIxhkyHc'r mr?n?glihs4h*gLxhkcqgn?oKjTg
s4huHcfo(lfo4oKr?h gz4|} wAy n?r$giyHuHu,oKcilihx`
] 4 oKcqsHkoKyHjAlE][(Lm(yHl lfoKy oxyHcqgH`
]};GAlih6oKyHjAl']
h*)vm(uvg ]& m(uvmKHnr?nlin?h gE]En?jvs4n wxyvh ginrhgihkc,Kh yHcYgiyHuHu,oKcilih r?h g*)vm(n?jHh*gT1+ 0
CJ=Q+HoKyYHn?hkjEs4h*g{oxUmKjvs4h g=< | v` I"hkl ]C1h J1oKmKnjv1m(h](`(h yHclfmKnr?rh1yHyHre hh gl>s4oKjvjHekhuvmKcdr m
*)vmKUu ]};GAlih*oxyHjAlE]L`
$mr?oKjvpKyHh yHcs4h ]Qdjvc,G:u4lin?oKjFhGR]h*gl's4oKjHjvekh uvmKc!] QdjvkcIG:u4lfnoxj?FhG4$hkjHp)xl*`$mr?oKj0
pKyvhkyHc$sHh ]C1hk"J1oKm(n?jv1m(h]h gl$s4oxjHjHekh uTm(cr oxuTe cfm(lin?oKjd]};GAlih*oKyvjxl']*0P] QdjTc,GAuHlin?oKj?FhG:$hkjHp)AlE]L`
]C1h "JoxmKnjTm(h]{jHoxyvgs4oxjHjHhrhjvoK s4h
huvmKwAyHhklsHoKjHjHhs4hjvoK[vcih yvgh*g nj
oxcim(lin?oKjvggiyHcr?hgIG4glfkhs4yEr?nh jAl `
h*)Tm(uvgK]k|@m6H} y hkcz:n?kh] h gl$licf g$nu,oKcilfmKjxl& n?r:s4oKjHjvh>r mwAyvm(jAlfn lfe>m64n?[yH
s4hsHoKjHjHe h g
$K uTh cihlsHhuvmKgfghh jvc,G:u4liehl>sHhrhHcfy4lfh
oKcqe
m(n gh r?mUu,hky4l1g m.KkcfhkcuHr?y4lioKl{roxjHpv`?``
Jh*guHcioxpKcqm(h goKhoxu()Al cqmK*/+m.xh zH|@} tcin?jvs4h cq
(sHgjvn oxyHn?hkjUcfh mKs0
gi[T
oKjAls4hr e*oxy4lih
Y S
kYx
$Y
L GE/
@ "95$=D11111111111111111 @C,,,$=D @ $D
d mLlilfmxwxyTm(jAlcihoKnlrhuHcfhkn?hkcuvmxwAyHhl{giyHcrhu,oKcilz4|@} glqm(jvsHmKcfs`
@ "95$=D 11111111111111111;@C,,,=GE/D @ D
@C,,,$=FGG4/D
rcih*s4n?cin?pKhthuvmKwAyHhklgiyHc rhu,oKcil r?o4kmKr I I97H`Az4yHchtuToxcl&AyvjuHcfo.Gh gl h je*oKyHlihK`
c=:L
@ "95$=D11111111111111111 @C,,,$=D @ $D
d mLlilfmxwxyTm(jAl cfhkoKnlr?mUcfh wAyHlfhjHhkpxuHcioKl `
=:L'
@ "95$=D @C,,,=D111111111111111 @ D
rr mUcih*s4ncfn?pKhKhkcqg rh
L
@ "95$=D @C,,,=D111111111111111111111 @ D
T7IL,+="'HL
d mLlilfmxwxyTm(jAl1h j xoKn?h
Y$
QdjyHlin?rn gimKjAl r?h g hl,)Ho4s4h g uHcfh gihkjAlie h gxr mcie*yHu,hkcqmLlfnoxjs4h g o(lqgs4h1uTmKgfghz4|@}
hkj;kr?mKnc