nanog mailing list archives
RE: Operational impact of filtering SMB/NETBIOS traffic?
From: Mathew Butler <mbutler () tonbu com>
Date: Mon, 20 Nov 2000 04:12:19 -0800
Ah, but here's the rub: Is there anything, from a business standpoint (read: contracts), that says that you have the right, much less the obligation, to make 'security' decisions for the customer? If not, you're opening your company up to massive lawsuits. It's a -very- touchy subject -- but I, as a customer, want exclusive right to make filtering decisions over what goes from my network to the peering point, where the other backbone providers can choose their own policy. The reason for this is so that, if necessary, I can run any protocol I have a need to run over all circuits that I have that are connected to the same ISP. If it is shown that my network is relaying spam traffic, or is otherwise abusing the precepts of "Maintain Control Over What Flows In To And Out Of Your Network", only -then- would I think that control should be exercised by the NSP, and only then to the extent necessary to stop the abuse. And a hefty fine should be imposed on my company in that circumstance. Or are you thinking that the only clueful people in the network world exist at the NSPs? -Mat Butler -----Original Message----- From: Shawn McMahon [mailto:smcmahon () eiv com] Sent: Sunday, November 19, 2000 4:53 AM To: nanog () merit edu Subject: Re: Operational impact of filtering SMB/NETBIOS traffic? On Sat, Nov 18, 2000 at 08:19:12PM -0800, Roeland Meyer wrote:
because we want shares. You are considering killing off a whole bunch of legitimate use because some are too brain-dead to not have unintentional shares on the internet?
There are other issues with Microsoft's networking protocols than just unintentional shares. It leaks potentially lethal information like a sieve. Letting it willy-nilly through your firewalls is an invitation to have compromised hosts on your network. It should be filtered by default, and only un-filtered by request; and that with the understanding that if it even looks like you might be owned, you get cut off until there's an explanation.
Current thread:
- RE: Operational impact of filtering SMB/NETBIOS traffic?, (continued)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Greg A. Woods (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Mike Johnson (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Stephen J. Wilcox (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Mike Johnson (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? David Avery (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Jeremy T. Bouse (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Stephen J. Wilcox (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Shawn McMahon (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Shawn McMahon (Nov 20)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Mike Johnson (Nov 20)
- Message not available
- Re: Operational impact of filtering SMB/NETBIOS traffic? Mike Johnson (Nov 20)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Jim Mercer (Nov 20)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Bennett Todd (Nov 20)