nanog mailing list archives

RE: Operational impact of filtering SMB/NETBIOS traffic?

From: Roeland Meyer <rmeyer () mhsc com>
Date: Sun, 19 Nov 2000 09:06:06 -0800


How closely have you looked at Samba sources? BTW, I've done it through SSH
tunnels too. The problem is that some SAs (a fair large percentage) think
that a port labeled "secure" (port 22) means that they have to take special
care to make sure that it is blocked (yes, they are the recently
lobotomized). So, three-quarters of the time, a VPN is not do-able and you
are forced to go plain-text direct. If, in addition, you block the NetBIOS
ports then you block application-level access for 80% of internet users.

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Sunday, November 19, 2000 8:19 AM
To: Roeland Meyer
Cc: 'Scott Call'; nanog () nanog org
Subject: Re: Operational impact of filtering SMB/NETBIOS traffic? 


On Sat, 18 Nov 2000 20:19:12 PST, Roeland Meyer 
<rmeyer () mhsc com>  said:

shares on the internet? We use SMB/Samba INSTEAD of NFS

because we believe

SMB to be more secure. smb.conf certainly gives more

security options than

exports does.


Don't confuse "more options" with "more security".

A protocol can have dozens of options, but yet be 
fundementally insecure.
-- 
                              Valdis Kletnieks
                              Operating Systems Analyst
                              Virginia Tech

Current thread:

RE: Operational impact of filtering SMB/NETBIOS traffic?, (continued)
- - - RE: Operational impact of filtering SMB/NETBIOS traffic? Joe Shaw (Nov 14)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 18)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Jim Mercer (Nov 18)
    - RE: (Already happening) Operational impact of filtering SMB/NETBIOS traffic? Derrick (Nov 18)
    - Re: (Already happening) Operational impact of filtering SMB/NETBIOS traffic? Dana Hudes (Nov 18)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Shawn McMahon (Nov 19)
    - Re: Operational impact of filtering SMB/NETBIOS traffic? Travis Pugh (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Valdis . Kletnieks (Nov 19)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Jim Mercer (Nov 19)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Shawn McMahon (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Adam Rothschild (Nov 20)
    - ISPs as content-police or method-police Ehud Gavron (Nov 20)
    - Re: ISPs as content-police or method-police Valdis . Kletnieks (Nov 20)
    - RE: ISPs as content-police or method-police Christian Kuhtz (Nov 20)
    - Re: ISPs as content-police or method-police Shawn McMahon (Nov 20)
    - Re: ISPs as content-police or method-police Ben Browning (Nov 20)
    - RE: ISPs as content-police or method-police Christian Kuhtz (Nov 20)
    - Re: ISPs as content-police or method-police John Kristoff (Nov 20)
    - Re: ISPs as content-police or method-police joshua stein (Nov 20)

(Thread continues...)