[32360] in North American Network Operators' Group

Re: Operational impact of filtering SMB/NETBIOS traffic?

daemon@ATHENA.MIT.EDU (Shawn McMahon)
Mon Nov 20 08:05:14 2000

Date: Mon, 20 Nov 2000 08:03:00 -0500
From: Shawn McMahon <smcmahon@eiv.com>
To: nanog@merit.edu
Message-ID: <20001120080300.D5877@eiv.com>
In-Reply-To: <F062E72E4BA2D4119F1700B0D03D205F39D1@MAIL>; from mbutler@tonbu.com on Mon, Nov 20, 2000 at 04:12:19AM -0800

On Mon, Nov 20, 2000 at 04:12:19AM -0800, Mathew Butler wrote:
> Ah, but here's the rub: Is there anything, from a business standpoint (read:
> contracts), that says that you have the right, much less the obligation, to
> make 'security' decisions for the customer?  If not, you're opening your
> company up to massive lawsuits.

Let me get this straight; you think that instead of shooting you an
email asking that the port be opened, your customer is going to call in
the lawyers and file suit?

WTF are your customers?

> It's a -very- touchy subject -- but I, as a customer, want exclusive right
> to make filtering decisions over what goes from my network to the peering
> point, where the other backbone providers can choose their own policy.  The
> reason for this is so that, if necessary, I can run any protocol I have a
> need to run over all circuits that I have that are connected to the same
> ISP.

Well, tough.  We all filter various things, whether that be RFC 1918
addresses, NetBIOS, or Other.  There's not a thing wrong with filtering
by default, and removing if the customer asks, and since I did it for
years without getting sued I reject your entire argument that the latter
is what will occur.

> Or are you thinking that the only clueful people in the network world exist
> at the NSPs?

No, I'm thinking 99% of them exist at the NSPs.  My experience has so
far borne this out.

Then again, I've been no higher than Tier 3, so WTF do I know?  :-)

