[32330] in North American Network Operators' Group
RE: Operational impact of filtering SMB/NETBIOS traffic?
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Sun Nov 19 12:07:48 2000
Message-ID: <47FE39302BF73B4C93BC84B87341282C1F00@condor.lvrmr.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: "'Valdis.Kletnieks@vt.edu'" <Valdis.Kletnieks@vt.edu>,
Roeland Meyer <rmeyer@mhsc.com>
Cc: 'Scott Call' <scall@devolution.com>, nanog@nanog.org
Date: Sun, 19 Nov 2000 09:06:06 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
How closely have you looked at Samba sources? BTW, I've done it through SSH
tunnels too. The problem is that some SAs (a fair large percentage) think
that a port labeled "secure" (port 22) means that they have to take special
care to make sure that it is blocked (yes, they are the recently
lobotomized). So, three-quarters of the time, a VPN is not do-able and you
are forced to go plain-text direct. If, in addition, you block the NetBIOS
ports then you block application-level access for 80% of internet users.
> -----Original Message-----
> From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
> Sent: Sunday, November 19, 2000 8:19 AM
> To: Roeland Meyer
> Cc: 'Scott Call'; nanog@nanog.org
> Subject: Re: Operational impact of filtering SMB/NETBIOS traffic?
>
>
> On Sat, 18 Nov 2000 20:19:12 PST, Roeland Meyer
> <rmeyer@mhsc.com> said:
> > shares on the internet? We use SMB/Samba INSTEAD of NFS
> because we believe
> > SMB to be more secure. smb.conf certainly gives more
> security options than
> > exports does.
>
> Don't confuse "more options" with "more security".
>
> A protocol can have dozens of options, but yet be
> fundementally insecure.
> --
> Valdis Kletnieks
> Operating Systems Analyst
> Virginia Tech
>
>
