necessary to bind TCP/IP to Microsoft network client?
Dieter Rothacker
Didi at ThePentagon.com
Fri Oct 31 09:03:30 GMT 1997
Simon Hyde wrote:
>
> >my office mate says that TCP/IP should not be bound to
> >any clients since then that allows the security loop
> >hole that people on the outside internet can access
> >ourfile systems on the those clients.
> >
> >But: If I do bind TCP/IP to the microsoft client I
> >*CAN* see the samba server just fine.
> >
> >do I *have* to have this binding on the client machine
> >in order for samba to work? I have a feeling that
> >samba does everything via TCP/IP and not IPX and as
> >a result all the clients around here are going to
> >have to bind TCP/IP to microsoft network client and
> >thus open up security problems.
> Samba only works over TCP/IP, therefore you have to bind the clients to
> TCP/IP. However I believe the particular security whole you are talking
> about is the winnuke bug, for which there are quite a few fixes hanging
> around, just stick 'winnuke' into yahoo and it should flag up some pages
> with useful information on how to solve this particular problem.
No, I believe they worry about having no "Allow clients =" line in
Windows, so if you enable NB over TCP/IP, everybody in the whole world
can access your shares if they are not password protected.
I do not know a solution to this, however it seems that in Win98 betas
there is a switch "access for local hosts only" or something...
Dieter Rothacker
More information about the samba
mailing list