nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Operational impact of filtering SMB/NETBIOS traffic?

From: Paul Thornton <prt () prt org>
Date: Tue, 14 Nov 2000 22:06:34 +0000 (GMT)

On Tue, 14 Nov 2000, Scott Call wrote:


Because this traffic is IP traffic, I wanted to ask others on this list
how they treat SMB traffic on their backbones? 


One of the things I considered doing was filtering 137-139 in our data
centres to reduce risk to customers' poorly (usually through knowing no
better, so no offence intended here) configured NT boxes.  It does seem,
however, that people do want truly unrestricted NetBIOS over IP connectivity
into their boxes "So we can browse the server from the office" being a
familiar cry.  As a result of this, we didn't go ahead with the intended
filtering.

Experience has taught me that people (a) do this, and do it a lot
(certainly in Europe, YMMV elsewhere); and (b) a good number of them are
happy to have a server with little external filtering/firewalling/protection
doing it.  I find this particularly scary...

--
Paul

Not speaking for my employer, in case you know who they are...
Previous By Date Next
Previous By Thread Next

Current thread: