RE: Operational impact of filtering SMB/NETBIOS traffic?
From: Jim Mercer [mailto:jim@reptiles.org]
Sent: Saturday, November 18, 2000 8:49 PM
On Sat, Nov 18, 2000 at 08:19:12PM -0800, Roeland Meyer wrote:
You are considering killing off a whole bunch of legitimate use because some are too brain-dead to not have unintentional shares on the internet?
well, maybe if there was a global filter on SMB then the brain-dead company that produces the brain-dead software will wake up and realize that maybe it shouldn't produce software that by default leaves their users open to intrusion or viruses.
You are assuming (wrongly) that microshit is the only one using that protocol. Have you never heard of the samba project? I remember explicitly referencing smb.conf files. That's Unix/Samba bud. I also mentioned that it works better than NFS. I don't recall microshit-anything shipping with NFS. Believe it or not, one or two of us actually know what we're doing.
geez, if the filter was there, are you saying that people who _need_ SMB shares are too brain-dead to come up with a straight forward way to make it get around the filter?
There is no straight-forward way around a filter, by definition the straight-forward way is to not have the filter!
On Sun, Nov 19, 2000 at 02:38:04AM -0800, Roeland Meyer wrote:
You are assuming (wrongly) that microshit is the only one using that protocol. Have you never heard of the samba project? I remember explicitly referencing smb.conf files. That's Unix/Samba bud. I also mentioned that it works better than NFS. I don't recall microshit-anything shipping with NFS. Believe it or not, one or two of us actually know what we're doing.
as far as samba working better than NFS, that is a religious argument. if you are using SMB to share files between unix systems, then i have a bit of trouble with that last line of the above. personally, i can't think of any applications where i would attempt to do any kinda filesystem sharing across the internet. i suspect the widespread use of SMB on the internet is again, because of the brain-dead applications produced by a braindead company and software produced by lazy programmers working in the braindead company's API's. why does the application need a "share"? can it not just negotiate the information needed without mounting the entire office over a 33.6K connection?
geez, if the filter was there, are you saying that people who _need_ SMB shares are too brain-dead to come up with a straight forward way to make it get around the filter?
There is no straight-forward way around a filter, by definition the straight-forward way is to not have the filter!
no, the brain-dead easy way around the filter is to have no filter at all. i'm not an SMB user (outside a few LAN's where we explicitly drop it all on the floor before it gets out of the network). could you not use an IPSec tunnel from one LAN to another, then run SMB over that tunnel? is it not possible to use ssh port forwarding to move the packets through a secure tunnel that way?
--
[ Jim Mercer jim@reptiles.org +1 416 410-5633 ]
[ Reptilian Research -- Longer Life through Colder Blood ]
[ Don't be fooled by cheap Finnish imitations; BSD is the One True Code. ]
participants (2): Jim Mercer, Roeland Meyer