[..]
The point is this: 137-139 are used for NetBIOS and Samba, neither of which are secure (or even supported by their vendors, AFAIK) for use out on the Internet. I think we can all agree that anyone using them in that situation, shouldn't be.
I don't at all disagree. But, this isn't the same question as.. does this equal to automatically and strictly blocking such traffic? Who am I to say a customer can't use them if they decide to do so? Etc etc. Now, that isn't the same as saying 'I must not provide a mechanism for customers to protect themselves if they want to'. The opposite is true, I would like to see such mechanisms. And I think this conversation would be a lot more fruitful if we focused on how to provide mechanisms that are opt-in/opt-out/whatever and how to deal with operational, legal, engineering impact of such a decision, and provide this in a transparent, easily managable fashion to the customer. -- Christian Kuhtz <ck@arch.bellsouth.net> -wk, <ck@gnu.org> -hm Sr. Architect, Engineering & Architecture, BellSouth.net, Atlanta, GA, U.S. "I speak for myself only."