.. Reminder for header structure:        
  Parts (H1)          : #################### with overline
  Chapters (H2)       : ******************** with overline
  Sections (H3)       : ====================
  Subsections (H4)    : --------------------
  Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
  Paragraphs (H6)     : """""""""""""""""""""

.. |date| date::

.. meta::
  :description: About SMB and MS-RPC
  :keywords: SMB MS-RPC, Samba-AD, documentation

.. _about_smb_msrpc:

####################
About SMB and MS-RPC
####################

******
MS-RPC
******

MS-RPC is a proprietary Windows protocol based on the :abbr:`DCE / RPC (Distributed Computing Environment / Remote Procedure Calls)` standard.
It is a dynamic-port protocol, like rpcbind or portmap on Linux.
That is to say, the first connection is made to port 135, after which the client is redirected to another, dynamically opened port in the allowed range (by default 49152 to 65535).

This mode of operation is no longer in fashion today, because it requires opening wide port ranges on the firewalls of servers and inter-site routers.

It is used to replicate LDAP directories between Active Directory servers.

.. table:: Ports used for a correct functioning of MSRPC

  ================================ ===================================================================
  Port                             Usage
  ================================ ===================================================================
  135                              RPC endpoint mapper over TCP (first connection, then redirect)
  49152 to 65535 (>= win2008R2)    `Default port range <https://support.microsoft.com/en-us/kb/929851>`_ for RPC services over TCP
  1025 to 5000 (<win2k and win2k3) Dynamic port range on older versions of Windows
  ================================ ===================================================================

***
SMB
***

The :abbr:`SMB (Server Message Block)` protocol allows *communication between processes*.
It is therefore the protocol that lets applications and services on networked computers talk to each other.
One could also say that SMB is one of the languages computers use to talk to one another.

.. table:: Ports used for a correct functioning of SMB

  ===== ============================
  Port  Usage
  ===== ============================
  139   SMB over NetBIOS over TCP/IP
  445   SMB over TCP/IP
  ===== ============================

.. hint::

  How can we ensure the security of these ports?

  Leaving network ports open so that applications can run is a risk.
  So how do we keep our networks protected while keeping our applications available and running?
  Here are several solutions for protecting these two important and well-known ports:

  * Set up a firewall or endpoint protection to keep these ports safe from attackers.
    Most solutions include a blacklist to block connections from known malicious IP addresses.

  * Set up a VPN to encrypt and protect network traffic.

  * Set up VLANs to isolate internal network traffic.

  * Use MAC address filtering to prevent unknown systems from accessing the network.
    This tactic requires a great deal of management work to keep the list up to date.
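
The first of these solutions, applied to both port tables above, as an added example that is not part of this documentation: an nftables chain for a Samba AD DC that admits the MS-RPC endpoint mapper and dynamic range only from peer DCs and an admin network, and SMB only from domain members. ``PEER_DCS``, ``ADMIN_NET`` and ``CLIENT_NET`` are assumed placeholders with constructed addresses; other DC services (LDAP, Kerberos, DNS) are outside this page's scope and are not covered by the chain.

```shell
#!/bin/sh
# Added example, not part of this documentation: an nftables chain that
# admits the MS-RPC and SMB ports from the tables above only from trusted
# sources. PEER_DCS, ADMIN_NET and CLIENT_NET are assumed placeholders;
# the addresses are constructed (RFC 5737 / RFC 1918), replace them.
PEER_DCS="${PEER_DCS:-192.0.2.10, 192.0.2.11}"   # other DCs (replication)
ADMIN_NET="${ADMIN_NET:-192.0.2.128/25}"         # admin workstations (RPC tooling)
CLIENT_NET="${CLIENT_NET:-10.0.0.0/8}"           # domain members (SMB)

# Ports taken from the two tables in this document
RPC_EPMAP=135            # first connection, then redirect to a dynamic port
RPC_DYNAMIC=49152-65535  # default dynamic range on win2008R2 and later
SMB_NBT=139              # SMB over NetBIOS over TCP/IP
SMB_TCP=445              # SMB over TCP/IP

# Print the ruleset on stdout; apply with:  gen_rules | nft -f -
# Only these ports are governed here; other DC services (LDAP, Kerberos,
# DNS...) are outside this document's scope, so the chain policy stays accept.
gen_rules() {
  cat <<EOF
table inet ad_ports {
  chain input {
    type filter hook input priority 0; policy accept;
    ct state established,related accept
    # MS-RPC: endpoint mapper and the whole dynamic range are needed for
    # replication, so open them for peer DCs and admins, never for all clients.
    ip saddr { ${PEER_DCS}, ${ADMIN_NET} } tcp dport { ${RPC_EPMAP}, ${RPC_DYNAMIC} } accept
    # SMB: every domain member needs 445; keep 139 only while NetBIOS clients remain.
    ip saddr { ${CLIENT_NET}, ${PEER_DCS}, ${ADMIN_NET} } tcp dport { ${SMB_NBT}, ${SMB_TCP} } accept
    # Any other source hitting these ports is logged (for detection) and dropped.
    tcp dport { ${RPC_EPMAP}, ${SMB_NBT}, ${SMB_TCP}, ${RPC_DYNAMIC} } log prefix "ad-ports-denied: " drop
  }
}
EOF
}

# Check helper: succeeds (exit 0) when no rule accepts the given port from
# any source, i.e. every accept for it is qualified by "ip saddr".
port_is_restricted() {
  if gen_rules | grep -E "^[[:space:]]*tcp dport .*[{ ,]$1[ ,}].* accept" >/dev/null; then
    return 1
  fi
  return 0
}
```

The log prefix gives the SIEM a single string to alert on for RPC or SMB connection attempts from outside the trusted sets.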
