North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Operational impact of filtering SMB/NETBIOS traffic?
On Sun, 19 Nov 2000, Shawn McMahon wrote: > There are other issues with Microsoft's networking protocols than just > unintentional shares. It leaks potentially lethal information like a sieve. > > Letting it willy-nilly through your firewalls is an invitation to have > compromised hosts on your network. > > It should be filtered by default, and only un-filtered by request; and that > with the understanding that if it even looks like you might be owned, you get > cut off until there's an explanation. This is a sound policy for the administrator of a firewall. I don't think it is a policy at all for the administrators of service-provider networks, since what the SP is providing is access. I'm not terribly excited about the idea of edge filtering on the ISP network. I don't think it is my job to tell customers what they can and cannot run, in terms of IP traffic, until it violates an AUP. If we need better tools to tell us when a customer is the source of a DoS attack or some other violation of AUP ... some sort of alarm to let the SP know if a customer has been compromised ... I'd be much happier implementing that rather than denying traffic because it is a potential method of attack. Carried to the extreme (which someone will always do) blocking NBT traffic doesn't make nearly as much sense as blocking ICMP by default. It would be much harder to source a DoS attack from one of my customers if they couldn't pass ICMP traffic. However, I think the customers would quickly decide that securing them wasn't my job and go in search of a less draconian ISP. -travis