[32335] in North American Network Operators' Group
Re: Operational impact of filtering SMB/NETBIOS traffic?
daemon@ATHENA.MIT.EDU (Jim Mercer)
Sun Nov 19 13:40:16 2000
Date: Sun, 19 Nov 2000 13:38:06 -0500
From: Jim Mercer <jim@reptiles.org>
To: Roeland Meyer <rmeyer@mhsc.com>
Cc: nanog@nanog.org
Message-ID: <20001119133805.H29322@reptiles.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <47FE39302BF73B4C93BC84B87341282C1F03@condor.lvrmr.mhsc.com>; from rmeyer@mhsc.com on Sun, Nov 19, 2000 at 10:25:18AM -0800
Errors-To: owner-nanog-outgoing@merit.edu
On Sun, Nov 19, 2000 at 10:25:18AM -0800, Roeland Meyer wrote:
> > why does the application need a "share"? can it not just
> > negotiate the information needed without mounting the entire
> > office over a 33.6K connection?
>
> You ARE joking, right? I haven't seen a 33.6K connection in years.
well, you live a sheltered life.
i'm kinda getting tired of people who design/implement wide area applications
while wearing blinders.
> > could you not use an IPSec tunnel from one LAN to another,
> > then run SMB over that tunnel?
> >
> > is it not possible to use ssh port forwarding to move the
> > packets through a secure tunnel that way?
>
> When I can, that's what I do, via F-Secure port forwarding. However, many
> shops explicitly block port 22. This kills IPsec as well.
if many shops are explicitly blocking port 22, but allowing SMB, then they
need their heads examined.
i'm not sure how port 22 effects IPsec.
it seems that you are arguing that filtering SMB will inadvertantly effect
a bunch of boneheads that don't know what they are doing beyond point and
click.
i don't have a problem with that. sure would clear off a bunch of bandwidth
from my networks to further enable the users who aren't boneheads (or
being managed by boneheads).
--
[ Jim Mercer jim@reptiles.org +1 416 410-5633 ]
[ Reptilian Research -- Longer Life through Colder Blood ]
[ Don't be fooled by cheap Finnish imitations; BSD is the One True Code. ]
