North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Operational impact of filtering SMB/NETBIOS traffic?

  • From: Shawn McMahon
  • Date: Mon Nov 20 08:06:12 2000

On Mon, Nov 20, 2000 at 04:12:19AM -0800, Mathew Butler wrote:
> Ah, but here's the rub: Is there anything, from a business standpoint (read:
> contracts), that says that you have the right, much less the obligation, to
> make 'security' decisions for the customer?  If not, you're opening your
> company up to massive lawsuits.

Let me get this straight; you think that instead of shooting you an
email asking that the port be opened, your customer is going to call in
the lawyers and file suit?

WTF are your customers?

> It's a -very- touchy subject -- but I, as a customer, want exclusive right
> to make filtering decisions over what goes from my network to the peering
> point, where the other backbone providers can choose their own policy.  The
> reason for this is so that, if necessary, I can run any protocol I have a
> need to run over all circuits that I have that are connected to the same
> ISP.

Well, tough.  We all filter various things, whether that be RFC 1918
addresses, NetBIOS, or Other.  There's not a thing wrong with filtering
by default, and removing if the customer asks, and since I did it for
years without getting sued I reject your entire argument that the latter
is what will occur.

> Or are you thinking that the only clueful people in the network world exist
> at the NSPs?

No, I'm thinking 99% of them exist at the NSPs.  My experience has so
far borne this out.

Then again, I've been no higher than Tier 3, so WTF do I know?  :-)

Attachment: pgp00019.pgp
Description: PGP signature