Re: Operational impact of filtering SMB/NETBIOS traffic?

[Jim Mercer <jim () reptiles org>]

On Sun, Nov 19, 2000 at 10:25:18AM -0800, Roeland Meyer wrote:
> > why does the application need a "share"?  can it not just 
> > negotiate the information needed without mounting the entire
> > office over a 33.6K connection?
>
> You ARE joking, right? I haven't seen a 33.6K connection in years.

well, you live a sheltered life.

i'm kinda getting tired of people who design/implement wide area applications
while wearing blinders.

> > could you not use an IPSec tunnel from one LAN to another, 
> > then run SMB over that tunnel?
> >
> > is it not possible to use ssh port forwarding to move the 
> > packets through a secure tunnel that way?
>
> When I can, that's what I do, via F-Secure port forwarding. However, many
> shops explicitly block port 22. This kills IPsec as well.

if many shops are explicitly blocking port 22, but allowing SMB, then they
need their heads examined.

i'm not sure how port 22 effects IPsec.

it seems that you are arguing that filtering SMB will inadvertantly effect
a bunch of boneheads that don't know what they are doing beyond point and
click.

i don't have a problem with that.  sure would clear off a bunch of bandwidth
from my networks to further enable the users who aren't boneheads (or
being managed by boneheads).

-- 
[ Jim Mercer                 jim () reptiles org              +1 416 410-5633 ]
[          Reptilian Research -- Longer Life through Colder Blood          ]
[  Don't be fooled by cheap Finnish imitations; BSD is the One True Code.  ]