Comprehensive data protection for all workloads
Post Reply
jronnblom
Influencer
Posts: 17
Liked: 2 times
Joined: Oct 23, 2013 6:15 am
Full Name: Janåke Rönnblom
Contact:

Veeam and SMB usage? (badlock bug?)

Post by jronnblom »

Hi,

Due to the badlock bug and all hype surrounding it we're looking at locking down our backupservers.

We use B&R v8 for backing up both Vmware/vCenter and Hyper-V hosts. We're using application aware processing. And we have three different backupservers/repositories with local disks.

I have read the following:

https://helpcenter.veeam.com/backup/80/ ... ports.html
https://helpcenter.veeam.com/backup/80/ ... ports.html

At the moment our servers have the SMB ports open for incoming connections. If we were to close those ports using windows firewall would our backups or restore break?

As far as I understand from the above links it should be okay to block incoming SMB ports. Anyone have any input?

-J
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Veeam and SMB usage? (badlock bug?)

Post by PTide »

Hi,

What ports are you referring to? Ports 135, 137, 138, 139, 445 are required for successful data transmission between proxy and repository.

Thank you.
jronnblom
Influencer
Posts: 17
Liked: 2 times
Joined: Oct 23, 2013 6:15 am
Full Name: Janåke Rönnblom
Contact:

Re: Veeam and SMB usage? (badlock bug?)

Post by jronnblom »

PTide wrote:
Ports 135, 137, 138, 139, 445 are required for successful data transmission between proxy and repository.
Those ports ;)

There is next to no information about the badlock bug. Hopefully it turns out to be a dud.

However we're taking this as an opportunity to tighten the security around our backupsystems. The first step is to limit SMB access to them.

-J
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Veeam and SMB usage? (badlock bug?)

Post by PTide »

At the moment there is no info about the bug even on samba.org, all that can be found is just a few words on a couple of websites that do not seem to be very trusty. Microsoft hasn't released any announcement too. For now I can't tell you for sure whether that bug is a joke or not. Anyway I suggest you to doublecheck if all of your backups are ok and copy at least one most recent full for each VM to some offline media (tape, usb drive, external hdd). Disabling those ports leads to a reduced functionality of your infrastructure so it's up to you.

Thank you.
Post Reply

Who is online

Users browsing this forum: dbeerts and 85 guests