nanog mailing list archives

Re: Operational impact of filtering SMB/NETBIOS traffic?


From: Adam Rothschild <asr () latency net>
Date: Mon, 20 Nov 2000 11:05:37 -0500


On Sat, Nov 18, 2000 at 08:19:12PM -0800, Roeland Meyer wrote:
> You'd have LOTs of complaint from me and many of my clients. Many of
> us log into our external gateway PDCs from foreign locations. We
> have shares because we want shares.

Yikes.  Isn't that what secure road-warrior VPNs are for?

> You are considering killing off a whole bunch of legitimate use
> because some are too brain-dead to not have unintentional shares on
> the internet?

Intentional or not, sniffing SMB passwords and share info doesn't
require much skill.

> We use SMB/Samba INSTEAD of NFS because we believe SMB to be more
> secure.

That's like saying the electrical chair may be far more appealing to
some than lethal injection.  NFS and SMB are both insecure and
inefficient mechanisms for file transfer over the public Internet.
SMB may be the lesser of the two evils, but it's really irrelevant.
Why not use ssh/sftp, or for the Unix impaired, some https-based file
transfer interface, instead?

On Sun, Nov 19, 2000 at 09:06:06AM -0800, Roeland Meyer wrote:
> [...] in addition, you block the NetBIOS ports then you block
> application-level access for 80% of internet users.

How so?  Sounds like you'd be promoting responsible usage instead.

-adam


