NetBEUI as main protocol
John E. Malmberg
wb8tyw at qsl.net
Wed Dec 11 05:16:01 GMT 2002
Christopher R. Hertel wrote:
> On Mon, Dec 09, 2002 at 09:26:24PM -0500, John E. Malmberg wrote:
>
>> Jason Hihn wrote:
>>
>>> I've a need for Samba to work over NetBEUI. We have a file server
>>> here that only speaks that way to bar out TCP-based hackers,
>>
>> There is a popular misconception that you can use NetBeui in this
>> way.
>
> We use it that way here at the University.
But not to isolate LAN traffic from the public Internet.
>> There is no security advantage in use NetBEUI in this manor.
>
> Hmmm?
Ok, attacks are limited to people that you share a router leg with. On
a broadband ISP that could be several subnets that appear to be on
separate lines but are not.
The most likely exploit would be the WIN-POPUP spam. But who knows what
other holes that a virus might be able to exploit.
Since the subnets rarely connect to each other, the symptom of duplicate
traffic from the "router on a stick" configuration usually does not
apply. ISPs do this, but a campus LAN would not.
>> It is just as easy to block the NetBios TCP/IP ports at the router
>> between your private network and the one where the hackers are.
>
> I have hundreds of routers. Some people want those ports open,
> others not. Ouch. Managmenet nightmare. I really don't want to
> maintain a per-port security configuration database.
Yours is clearly a different case than the typical small home or small
business LAN.
-John
wb8tyw at qsl.network
Personal Opinion Only
More information about the samba-technical
mailing list