nanog mailing list archives
Re: Operational impact of filtering SMB/NETBIOS traffic?
From: Shawn McMahon <smcmahon () eiv com>
Date: Sun, 19 Nov 2000 18:45:39 -0500
On Sun, Nov 19, 2000 at 10:31:06AM -0800, Roeland Meyer wrote:
> > 1) Be behind a firewall that blocks ssh.
>
> Sometimes ... been there ... too often.
>
> > 2) Be behind a firewall that DOESN'T block SMB.
>
> Usually the case.
>
> > 3) Not be in a position to have that policy changed.
>
> Almost always the case with a client.
>
> > 4) Not be violating his corporation's policies when he connects through you.
>
> Covered by NDA ... no problem. Besides, corporate policy enforcement is not part of the transit provider contract.
Roeland, I doubt that you can name me a single case where all of the following are true:

The firewall blocks outbound ssh.
The firewall allows inbound SMB.
The customer cannot get that policy changed.
The customer is not violating his company's policies by connecting his PC to the company network through the internet.

All four of those have to be true for your example to be meaningful.

No sane network administrator blocks ssh but allows SMB. That's like locking your 2nd-floor windows but leaving your 1st-floor doors wide open.

I agree with you that most firewalls block ssh; I do not agree that most firewalls don't block SMB, as you've stated. I in fact think that the number of firewalls that don't block SMB but do block ssh is so small as to be statistically insignificant.

Please name me a single Fortune-1000 company that blocks outbound ssh but not inbound SMB.

Short of setting your firewall up this way for the express purpose of providing an example, I doubt you can even name a business listed on any stock exchange anywhere that does this; and if you can, I bet their admin will fix the problem after you do.