NetBEUI as main protocol

John E. Malmberg wb8tyw at
Wed Dec 11 05:16:01 GMT 2002

Christopher R. Hertel wrote:

> On Mon, Dec 09, 2002 at 09:26:24PM -0500, John E. Malmberg wrote:
>> Jason Hihn wrote:
>>> I've a need for Samba to work over NetBEUI. We have a file server
>>>  here that only speaks that way to bar out TCP-based hackers,
>> There is a popular misconception that you can use NetBeui in this
>> way.
> We use it that way here at the University.

But not to isolate LAN traffic from the public Internet.

>> There is no security advantage in use NetBEUI in this manor.
> Hmmm?

Ok, attacks are limited to people that you share a router leg with.  On 
a broadband ISP that could be several subnets that appear to be on 
separate lines but are not.

The most likely exploit would be the WIN-POPUP spam.  But who knows what 
other holes that a virus might be able to exploit.

Since the subnets rarely connect to each other, the symptom of duplicate 
traffic from the "router on a stick" configuration usually does not 
apply.  ISPs do this, but a campus LAN would not.

>> It is just as easy to block the NetBios TCP/IP ports at the router 
>> between your private network and the one where the hackers are.
> I have hundreds of routers.  Some people want those ports open,
> others not.  Ouch.  Managmenet nightmare.  I really don't want to
> maintain a per-port security configuration database.

Yours is clearly a different case than the typical small home or small 
business LAN.

wb8tyw at
Personal Opinion Only

More information about the samba-technical mailing list