Re: Operational impact of filtering SMB/NETBIOS traffic?

[Shawn McMahon <smcmahon () eiv com>]

On Mon, Nov 20, 2000 at 04:12:19AM -0800, Mathew Butler wrote:
> Ah, but here's the rub: Is there anything, from a business standpoint (read:
> contracts), that says that you have the right, much less the obligation, to
> make 'security' decisions for the customer?  If not, you're opening your
> company up to massive lawsuits.

Let me get this straight; you think that instead of shooting you an
email asking that the port be opened, your customer is going to call in
the lawyers and file suit?

WTF are your customers?

> It's a -very- touchy subject -- but I, as a customer, want exclusive right
> to make filtering decisions over what goes from my network to the peering
> point, where the other backbone providers can choose their own policy.  The
> reason for this is so that, if necessary, I can run any protocol I have a
> need to run over all circuits that I have that are connected to the same
> ISP.

Well, tough.  We all filter various things, whether that be RFC 1918
addresses, NetBIOS, or Other.  There's not a thing wrong with filtering
by default, and removing if the customer asks, and since I did it for
years without getting sued I reject your entire argument that the latter
is what will occur.

> Or are you thinking that the only clueful people in the network world exist
> at the NSPs?

No, I'm thinking 99% of them exist at the NSPs.  My experience has so
far borne this out.

Then again, I've been no higher than Tier 3, so WTF do I know?  :-)

Attachment: _bin
Description: