Since we started filtering netbios ports and packets directed to network or broadcast addresses from and to our modems, our inbound abuse reports have virtually stopped.. and a look at the security logs shows hundreds of people simultaneously port scanning netbios ports.

So far no one has complained about problems.. I don't think many people in reality use the internet for smb in its basic form, it's normally businesses who might need it and assuming they're sensible they will be using vpn tunnels anyway.

In answer, Mike, I'm happy to let customers shoot themselves in the foot if they wish, it's just the unnecessary overhead it generates I don't like. Btw these are the only filters I impose on users (I also have some stuff in place to kill spoofing from or to my users).

Actually I think half the problem is the latest trend to use anti-intrusion software, with so many people emailing in reports from these programs to us.. why?? I've no idea, if your system is secure don't worry.. if it's not then you've probably just been hacked anyhow.

Does that help you understand the argument? I think smb is a source of much hassle and is virtually never used legitimately and better off blocked from our abuse mailbox point of view!

Steve

--
Stephen J. Wilcox
Internet Manager, Opal Telecom
http://www.opaltelecom.co.uk/
Tel: 0161 222 2000
Fax: 0161 222 2008

On Sun, 19 Nov 2000, Mike Johnson wrote:
I've been reading this thread, and from the get go I've been wondering why an ISP would consider filtering SMB, SSH, telnet, or any other well used protocol. I suppose I'm under the opinion that an ISP should let their customers shoot themselves in the foot.
I'm not employed by an ISP. I don't pass customer traffic across my network. I don't really have much of a network (though, if all goes well, it'll get larger). However, I would get annoyed if an ISP filtered some of my traffic that I considered legitimate, even if it is some mickey-mouse, insecure protocol.
If I want filtering, I'll call the ISP and ask for that service, for which they should charge. Otherwise, I'll go and buy my own firewall. They can be quite inexpensive and easy to use, even for non-network folk.
It's difficult enough to debug network issues without having my ISPs mucking with which protocols they're going to allow.
In the end, this sort of security should be up to me. If I don't like my feet, I should be allowed to add some additional metal, if I so choose.
I guess I don't understand the argument and why an ISP would want to filter SMB (quality of the protocol aside).
Mike

--
Mike Johnson
Network Engineer / iSun Networks, Inc.
Morrisville, NC
All opinions are mine, not those of my employer