HostedDB - Dedicated UNIX Servers
nt-part2_28 Analysis of the Security of  Windows NT 1 March 1999 28 4.6  Common Internet File System (CIFS) Common Internet File System is a protocol designed by Microsoft to be used in a dis- tributed file system. It relies heavily on TCP, NBT [49], [50] and SMB. Currently the protocol is an Internet Draft [31], and Microsoft hopes that it will be accepted as an Internet standard. This implies that the protocol currently is under constant revision and some of the parts presented here could be subject to change. The draft consists of a number of SMB commands used to connect to and manipulate an exported file system. The idea, at leased as implemented in NT, is that TCP and NBT sessions is used to carry the SMB commands. To establish a CIFS connection to a file system, four types of connections needs to be established all in all. Assuming that all name resolutions are made. First, a TCP con- nection to port 139 is needed. Next, an NBT session is set up over the TCP connection. After that, an SMB session is established over the NBT session, and last a TreeConnect is made with the help of SMB commands. The first SMB connection is a logon on the server that exports the file system, and the TreeConnect is the equivalent of mounting the file system. The SMB commands is often attached back to back as a combined Ses- sionSetUpandX and  TreeConnect message. If the file system is shared in user level mode, the  SessionSetupandX command will carry the user name and password of the user. If share level is used, the TreeConnect will carry the share level password for that share. If the authentication is passed, the result of the SessionSetupandX message is a UID that is used to identify the user in subsequent SMB messages and the result from the TreeConnect is a  TID that is used for SMBs referring to the connected resource. The messages exchanged is described in Figure 7. FIGURE 7. Connecting to an exported service TCP: SYN ACK TCP: SYN port: 139 TCP: ACK port: 139 NBT: Session Request NBT: Positive  Session Responce SMB: C negotiate SMB: R negotiate SMB: C SessionSetupandX, C TreeConnectandX SMB: R SessionSetupandX, R TreeConnectandX