[32338] in North American Network Operators' Group
RE: Operational impact of filtering SMB/NETBIOS traffic?
daemon@ATHENA.MIT.EDU (Greg A. Woods)
Sun Nov 19 14:41:46 2000
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
From: woods@weird.com (Greg A. Woods)
To: nanog@nanog.org
In-Reply-To: <47FE39302BF73B4C93BC84B87341282C1F03@condor.lvrmr.mhsc.com>
Reply-To: nanog@merit.edu (North America Network Operators Group Mailing List)
Message-Id: <20001119193940.1B4F44@proven.weird.com>
Date: Sun, 19 Nov 2000 14:39:40 -0500 (EST)
Errors-To: owner-nanog-outgoing@merit.edu
[ On Sunday, November 19, 2000 at 10:25:18 (-0800), Roeland Meyer wrote: ]
> Subject: RE: Operational impact of filtering SMB/NETBIOS traffic?
>
>
> No it isn't, NFS has known exploits. I've had a server owned three times in
> the past four years, twice via BIND and once via NFS. None via Samba.
And you're sure there aren't any vulnerabilities in Samba, or more
importantly in the actual protocols used by Samba? I'm sure bunches of
crackers would be surprised to hear that! I know for sure that there
are vulnerabilities in the client side! :-)
Meanwhile I'll go on record as also saying that any bonehead who thinks
he or she can run plain old NFS securely over a public network is in
just as much a need of a clue-by-4 to the side of the head as the
boneheads running SMB.
Of course with my network operator hat on I'm not so sure I want to get
into a position where both sets of boneheads are yelling at me for
blocking their traffic. I don't have enough clue-by-4's handy to
educate then all with, or even enough time to wield them. So long as
those types of traffic don't present a DoS against my network then I'll
happily let them all do damage to themselves by themselves -- it's just
not my responsibility as a network operator to get in their way.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
