nanog mailing list archives
Re: Operational impact of filtering SMB/NETBIOS traffic?
From: Travis Pugh <tpugh () shore net>
Date: Sun, 19 Nov 2000 10:21:28 -0500 (EST)
On Sun, 19 Nov 2000, Shawn McMahon wrote:
There are other issues with Microsoft's networking protocols than just unintentional shares. It leaks potentially lethal information like a sieve. Letting it willy-nilly through your firewalls is an invitation to have compromised hosts on your network. It should be filtered by default, and only un-filtered by request; and that with the understanding that if it even looks like you might be owned, you get cut off until there's an explanation.
This is a sound policy for the administrator of a firewall. I don't think it is a policy at all for the administrators of service-provider networks, since what the SP is providing is access. I'm not terribly excited about the idea of edge filtering on the ISP network. I don't think it is my job to tell customers what they can and cannot run, in terms of IP traffic, until it violates an AUP. If we need better tools to tell us when a customer is the source of a DoS attack or some other violation of AUP ... some sort of alarm to let the SP know if a customer has been compromised ... I'd be much happier implementing that rather than denying traffic because it is a potential method of attack. Carried to the extreme (which someone will always do) blocking NBT traffic doesn't make nearly as much sense as blocking ICMP by default. It would be much harder to source a DoS attack from one of my customers if they couldn't pass ICMP traffic. However, I think the customers would quickly decide that securing them wasn't my job and go in search of a less draconian ISP. -travis
Current thread:
- Re: Operational impact of filtering SMB/NETBIOS traffic?, (continued)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Joe Shaw (Nov 14)
- Message not available
- Re: Operational impact of filtering SMB/NETBIOS traffic? William S. Duncanson (Nov 14)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Sutantyo, Danny (Nov 14)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Joe Shaw (Nov 14)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Joe Shaw (Nov 14)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Joe Shaw (Nov 14)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 18)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Jim Mercer (Nov 18)
- RE: (Already happening) Operational impact of filtering SMB/NETBIOS traffic? Derrick (Nov 18)
- Re: (Already happening) Operational impact of filtering SMB/NETBIOS traffic? Dana Hudes (Nov 18)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Jim Mercer (Nov 18)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Shawn McMahon (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Travis Pugh (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Valdis . Kletnieks (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Jim Mercer (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Shawn McMahon (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Adam Rothschild (Nov 20)
- ISPs as content-police or method-police Ehud Gavron (Nov 20)
- Re: ISPs as content-police or method-police Valdis . Kletnieks (Nov 20)
- RE: ISPs as content-police or method-police Christian Kuhtz (Nov 20)
- Re: ISPs as content-police or method-police Shawn McMahon (Nov 20)