North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Operational impact of filtering SMB/NETBIOS traffic?

  • From: Mathew Butler
  • Date: Mon Nov 20 07:20:25 2000

Title: RE: Operational impact of filtering SMB/NETBIOS traffic?

Ah, but here's the rub: Is there anything, from a business standpoint (read: contracts), that says that you have the right, much less the obligation, to make 'security' decisions for the customer?  If not, you're opening your company up to massive lawsuits.

It's a -very- touchy subject -- but I, as a customer, want exclusive right to make filtering decisions over what goes from my network to the peering point, where the other backbone providers can choose their own policy.  The reason for this is so that, if necessary, I can run any protocol I have a need to run over all circuits that I have that are connected to the same ISP.

If it is shown that my network is relaying spam traffic, or is otherwise abusing the precepts of "Maintain Control Over What Flows In To And Out Of Your Network", only -then- would I think that control should be exercised by the NSP, and only then to the extent necessary to stop the abuse.  And a hefty fine should be imposed on my company in that circumstance.

Or are you thinking that the only clueful people in the network world exist at the NSPs?

-Mat Butler

-----Original Message-----
From: Shawn McMahon [mailto:[email protected]]
Sent: Sunday, November 19, 2000 4:53 AM
To: [email protected]
Subject: Re: Operational impact of filtering SMB/NETBIOS traffic?

On Sat, Nov 18, 2000 at 08:19:12PM -0800, Roeland Meyer wrote:
> because we want shares. You are considering killing off a whole bunch of
> legitimate use because some are too brain-dead to not have unintentional
> shares on the internet?

There are other issues with Microsoft's networking protocols than just
unintentional shares.  It leaks potentially lethal information like a sieve.

Letting it willy-nilly through your firewalls is an invitation to have
compromised hosts on your network.

It should be filtered by default, and only un-filtered by request; and that
with the understanding that if it even looks like you might be owned, you get
cut off until there's an explanation.