nanog mailing list archives

RE: Operational impact of filtering SMB/NETBIOS traffic?

From: Roeland Meyer <rmeyer () mhsc com>
Date: Sun, 19 Nov 2000 10:56:03 -0800

From: Jim Mercer [mailto:jim () reptiles org]
Sent: Sunday, November 19, 2000 10:38 AM

On Sun, Nov 19, 2000 at 10:25:18AM -0800, Roeland Meyer wrote:

why does the application need a "share"?  can it not just 
negotiate the information needed without mounting the entire
office over a 33.6K connection?


You ARE joking, right? I haven't seen a 33.6K connection in years.


well, you live a sheltered life.

i'm kinda getting tired of people who design/implement wide 
area applications
while wearing blinders.


So am I. Transit providers shouldn't be filtering without specific request.

could you not use an IPSec tunnel from one LAN to another, 
then run SMB over that tunnel?

is it not possible to use ssh port forwarding to move the 
packets through a secure tunnel that way?


When I can, that's what I do, via F-Secure port forwarding.

However, many

shops explicitly block port 22. This kills IPsec as well.


if many shops are explicitly blocking port 22, but allowing 
SMB, then they
need their heads examined.


We agree there. I prefer the SSH connection. That's why we went to the
trouble to set it up in the first place.

i'm not sure how port 22 effects IPsec.


Kills it dead, just like SSH.

it seems that you are arguing that filtering SMB will 
inadvertantly effect
a bunch of boneheads that don't know what they are doing 
beyond point and
click.


Say that to a dot-com VP and manage to keep your business relationship
(paycheck). If you can do that, I want you on my sales force.

i don't have a problem with that.  sure would clear off a 
bunch of bandwidth
from my networks to further enable the users who aren't boneheads (or
being managed by boneheads).


The "A" students work in research labs, run by the "B" students, in
companies, that are managed by the "C" students, for the owners, that were
the "D" students.

They may be boneheads, but who has the money?

Current thread:

RE: ISPs as content-police or method-police, (continued)
- - - RE: ISPs as content-police or method-police Christian Kuhtz (Nov 20)
    - Re: ISPs as content-police or method-police John Kristoff (Nov 20)
    - Re: ISPs as content-police or method-police joshua stein (Nov 20)
    - RE: ISPs as content-police or method-police Mark Radabaugh (Nov 20)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Jim Mercer (Nov 19)
  - RE: Operational impact of filtering SMB/NETBIOS traffic? Greg A. Woods (Nov 19)
    - Re: Operational impact of filtering SMB/NETBIOS traffic? Etaoin Shrdlu (Nov 19)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Shawn McMahon (Nov 19)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Jim Mercer (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Adam McKenna (Nov 19)
  - RE: Operational impact of filtering SMB/NETBIOS traffic? Greg A. Woods (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Ethan Butterfield (Nov 19)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
  - RE: Operational impact of filtering SMB/NETBIOS traffic? Greg A. Woods (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Mike Johnson (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Stephen J. Wilcox (Nov 19)
    - Re: Operational impact of filtering SMB/NETBIOS traffic? Mike Johnson (Nov 19)

(Thread continues...)