North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Operational impact of filtering SMB/NETBIOS traffic?

  • From: Jim Mercer
  • Date: Sun Nov 19 13:41:08 2000

On Sun, Nov 19, 2000 at 10:25:18AM -0800, Roeland Meyer wrote:
> > why does the application need a "share"?  can it not just 
> > negotiate the information needed without mounting the entire
> > office over a 33.6K connection?
> You ARE joking, right? I haven't seen a 33.6K connection in years.

well, you live a sheltered life.

i'm kinda getting tired of people who design/implement wide area applications
while wearing blinders.

> > could you not use an IPSec tunnel from one LAN to another, 
> > then run SMB over that tunnel?
> > 
> > is it not possible to use ssh port forwarding to move the 
> > packets through a secure tunnel that way?
> When I can, that's what I do, via F-Secure port forwarding. However, many
> shops explicitly block port 22. This kills IPsec as well.

if many shops are explicitly blocking port 22, but allowing SMB, then they
need their heads examined.

i'm not sure how port 22 effects IPsec.

it seems that you are arguing that filtering SMB will inadvertantly effect
a bunch of boneheads that don't know what they are doing beyond point and

i don't have a problem with that.  sure would clear off a bunch of bandwidth
from my networks to further enable the users who aren't boneheads (or
being managed by boneheads).

[ Jim Mercer                 [email protected]              +1 416 410-5633 ]
[          Reptilian Research -- Longer Life through Colder Blood          ]
[  Don't be fooled by cheap Finnish imitations; BSD is the One True Code.  ]