[ On Sunday, November 19, 2000 at 10:25:18 (-0800), Roeland Meyer wrote: ]
Subject: RE: Operational impact of filtering SMB/NETBIOS traffic?
No it isn't, NFS has known exploits. I've had a server owned three times in the past four years, twice via BIND and once via NFS. None via Samba.
And you're sure there aren't any vulnerabilities in Samba, or more importantly in the actual protocols used by Samba? I'm sure bunches of crackers would be surprised to hear that! I know for sure that there are vulnerabilities in the client side! :-) Meanwhile I'll go on record as also saying that any bonehead who thinks he or she can run plain old NFS securely over a public network is in just as much a need of a clue-by-4 to the side of the head as the boneheads running SMB. Of course with my network operator hat on I'm not so sure I want to get into a position where both sets of boneheads are yelling at me for blocking their traffic. I don't have enough clue-by-4's handy to educate then all with, or even enough time to wield them. So long as those types of traffic don't present a DoS against my network then I'll happily let them all do damage to themselves by themselves -- it's just not my responsibility as a network operator to get in their way. -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>