How closely have you looked at Samba sources? BTW, I've done it through SSH tunnels too. The problem is that some SAs (a fair large percentage) think that a port labeled "secure" (port 22) means that they have to take special care to make sure that it is blocked (yes, they are the recently lobotomized). So, three-quarters of the time, a VPN is not do-able and you are forced to go plain-text direct. If, in addition, you block the NetBIOS ports then you block application-level access for 80% of internet users.
-----Original Message----- From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu] Sent: Sunday, November 19, 2000 8:19 AM To: Roeland Meyer Cc: 'Scott Call'; nanog@nanog.org Subject: Re: Operational impact of filtering SMB/NETBIOS traffic?
On Sat, 18 Nov 2000 20:19:12 PST, Roeland Meyer <rmeyer@mhsc.com> said:
shares on the internet? We use SMB/Samba INSTEAD of NFS because we believe SMB to be more secure. smb.conf certainly gives more security options than exports does.
Don't confuse "more options" with "more security".
A protocol can have dozens of options, but yet be fundementally insecure. -- Valdis Kletnieks Operating Systems Analyst Virginia Tech