RE: Operational impact of filtering SMB/NETBIOS traffic?
How do you proxy Netbios? -----Original Message----- From: Joe Shaw [mailto:jshaw@insync.net] Sent: Tuesday, November 14, 2000 2:44 PM To: Scott Call Cc: nanog@nanog.org Subject: Re: Operational impact of filtering SMB/NETBIOS traffic? It may break some things your customers use, like Exchange mail with NT domain authentication. Also, be aware that Netbios now operates on higher porrts on Win2k and possibly WinME (445/TCP) as well as the 135-139 range. Netbios can also be proxied via 80/TCP now as well, though I think that may only be outbound. People who design protocols like this should be tarred, feathered, and then shot. -- Joseph W. Shaw Sr. Network Security Specialist for Big Company not to be named because I don't speak for them here. I have public opinions, and they don't. On Tue, 14 Nov 2000, Scott Call wrote:
Due to an increasing number of intrusions into windows-based machines through unprotected shares, I've started filtering both incoming and outgoing traffic for our customers on ports 138/139.
So far this has caught a fair amount of traffic coming from customers, but none have called to complain about a lack of connectivity.
Because this traffic is IP traffic, I wanted to ask others on this list how they treat SMB traffic on their backbones?
Sorry, it was a poor choice of words. I should have said netbios can now be transported over 80/TCP in Win2k. I was discussing proxies with someone else and it snuck into my e-mail thought process. -- Joseph W. Shaw Sr. Network Security Specialist for Big Company not to be named because I don't speak for them here. I have public opinions, and they don't. On Tue, 14 Nov 2000, Sutantyo, Danny wrote:
How do you proxy Netbios?
After a few people e-mailed me for specifics, I was unable to find them on either technet or via the search engines. The topic came up this summer at USENIX at a talk given by Marcus Ranum on IDS, when we took a detour through firewalling, IDS, and applications that can encapsualte traffic. I know Napster was addressed as well as Netbios. However, unable to find any definitive information, I respectuflly withdraw my comment. -- Joseph W. Shaw Sr. Network Security Specialist for Big Company not to be named because I don't speak for them here. I have public opinions, and they don't. On Tue, 14 Nov 2000, Joe Shaw wrote:
Sorry, it was a poor choice of words. I should have said netbios can now be transported over 80/TCP in Win2k. I was discussing proxies with someone else and it snuck into my e-mail thought process.
-- Joseph W. Shaw Sr. Network Security Specialist for Big Company not to be named because I don't speak for them here. I have public opinions, and they don't.
participants (2)
-
Joe Shaw
-
Sutantyo, Danny