NetBEUI as main protocol

[Jason Hihn]

Thanks for all your help everyone, not just John. Indeed it is a small
network, around 20 computers that this box serves, and the NetBEUI traffic
is light.

I still sort-of disagree with the "no security advantage" statement though.
While I do know of NetBEUI exploits, IMHO it is still a good technique to
hide the 'scent' of the box. Most
"s|<r1p+ |<1|)|)13s" will be focusing on TCP/IP. Up until the other day we
didn't have an internet-visible, Unix-based host behind the router. We do
now, so that is a concern of mine more than ever.

True, if the kiddy is 'elite' enough he might try a NetBEUI exploit. If that
is the case, then you're right, we're no better off. But the fact that
Microsoft is deprecating NetBEUI makes my assumption that he will not try
NetBEUI even better.

While I feel competent enough to make a solid firewall, our router to the
internet is controlled by our ISP, and that is one trust relationship that
would be sloppy of me to trust. Unfortunately, this box needs to be visible
to the internet and the NetBEUI only server. Looks like I'll have to proxy
it via a windows PC running both NetBEUI and TCP/IP. To quote Home Simpson:
"For shame!" :-)

-J

-----Original Message-----
From: samba-technical-admin at lists.samba.org
[mailto:samba-technical-admin at lists.samba.org]On Behalf Of John E.
Malmberg
Sent: Monday, December 09, 2002 9:26 PM
To: samba-technical at lists.samba.org
Subject: Re: NetBEUI as main protocol


Jason Hihn wrote:

> I've a need for Samba to work over NetBEUI. We have a file server
> here that only speaks that way to bar out TCP-based hackers,

There is a popular misconception that you can use NetBeui in this way.

There is no security advantage in use NetBEUI in this manor.

It is just as easy to block the NetBios TCP/IP ports at the router
between your private network and the one where the hackers are.

If the hackers are on the local network, the NetBios exploits work just
as well on NetBeui based networks as TCP/IP based networks.

You get the same level of security if you control the router.  You have
no additional security if you do not control the router.  Routers can be
configured to bridge NetBeui.

The only advantage that I can see to running NetBeui is that a network
recovery disk for most PCs using MS-DOS can fit on a high density floppy.

For small networks, NetBeui is more responsive than TCP/IP, but because
it is a broadcast protocol, it does not scale well.

> and now I need to move files between hat and the Linux box.  Changing
> it to use TCP is out of my authority too. I've scoured the archives,
> and the most I could come up with is a 1 year-old post saying that it
> was working, but with some patches, and only for printing.

> I am wondering if SAMBA can go over NetBEUI yet? I realize I'll
> probably have to re-compile my kernel (easy enough), but what if
> anything has to be done on the SAMBA side?

It probably will take some sort of layer to translate the NetBios over
NetBeui so that it looked like TCP/IP to SAMBA.  I do not know how much
work that would be.

-John
wb8tyw at qsl.net
Personal Opinion Only