[32332] in North American Network Operators' Group
Re: Operational impact of filtering SMB/NETBIOS traffic?
daemon@ATHENA.MIT.EDU (Shawn McMahon)
Sun Nov 19 13:10:11 2000
Date: Sun, 19 Nov 2000 13:08:09 -0500
From: Shawn McMahon <smcmahon@eiv.com>
To: nanog@merit.edu
Message-ID: <20001119130809.B4842@eiv.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="M9NhX3UHpAaciwkO"
Content-Disposition: inline
In-Reply-To: <47FE39302BF73B4C93BC84B87341282C1F00@condor.lvrmr.mhsc.com>; from rmeyer@mhsc.com on Sun, Nov 19, 2000 at 09:06:06AM -0800
Errors-To: owner-nanog-outgoing@merit.edu
--M9NhX3UHpAaciwkO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Nov 19, 2000 at 09:06:06AM -0800, Roeland Meyer wrote:
>=20
> How closely have you looked at Samba sources? BTW, I've done it through S=
SH
> tunnels too. The problem is that some SAs (a fair large percentage) think
> that a port labeled "secure" (port 22) means that they have to take speci=
al
> care to make sure that it is blocked (yes, they are the recently
> lobotomized). So, three-quarters of the time, a VPN is not do-able and you
> are forced to go plain-text direct. If, in addition, you block the NetBIOS
> ports then you block application-level access for 80% of internet users.
So you're hypothesizing that this customer will:
1) Be behind a firewall that blocks ssh.
2) Be behind a firewall that DOESN'T block SMB.
3) Not be in a position to have that policy changed.
4) Not be violating his corporation's policies when he connects through
you.
--M9NhX3UHpAaciwkO
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6GBcJEcl9bQ0RMt0RAsF6AKCsptoTf74LfSwaSADcJAFdeWgCWgCgnkeB
WXft0v3A5t60QiGxGueqgWU=
=lrko
-----END PGP SIGNATURE-----
--M9NhX3UHpAaciwkO--
