RE: Operational impact of filtering SMB/NETBIOS traffic?

["Sutantyo, Danny" <danny.sutantyo () intel com>]

How do you proxy Netbios?

-----Original Message-----
From: Joe Shaw [mailto:jshaw () insync net]
Sent: Tuesday, November 14, 2000 2:44 PM
To: Scott Call
Cc: nanog () nanog org
Subject: Re: Operational impact of filtering SMB/NETBIOS traffic?




It may break some things your customers use, like Exchange mail with NT
domain authentication.  Also, be aware that Netbios now operates on higher
porrts on Win2k and possibly WinME (445/TCP) as well as the 135-139 range.
Netbios can also be proxied via 80/TCP now as well, though I think that
may only be outbound.  People who design protocols like this should be
tarred, feathered, and then shot.

--
Joseph W. Shaw
Sr. Network Security Specialist for Big Company not to be named because I
don't speak for them here.  I have public opinions, and they don't.

On Tue, 14 Nov 2000, Scott Call wrote:

> Due to an increasing number of intrusions into windows-based machines
> through unprotected shares, I've started filtering both incoming and
> outgoing traffic for our customers on ports 138/139.
>
> So far this has caught a fair amount  of traffic coming from customers,
> but none have called to complain about a lack of connectivity.
>
> Because this traffic is IP traffic, I wanted to ask others on this list
> how they treat SMB traffic on their backbones?