Accessing a Samba server over the Internet
Bill Campbell
bill at camco2.celestial.com
Sat Dec 20 18:43:17 GMT 1997
On Sat, Dec 20, 1997 at 02:04:47AM +1100, Simon Greener wrote:
>Hi,
>
>I want to connect to Samba volumes on a SCO Open Server 5 over the Internet
>from my NT 4 workstation. My workstation is in a local domain and gets a
>dynamic IP address when it connects to my ISP; the Internet hostname is also
>dynamic and can't be predicted.
This is a very Bad Idea as you open your NT box up to all sorts of security
attacks when you allow access to the SMB ports ranging from winnuke, jolt,
and similar programs that can simply ``Blue Screen of Death'' your system
to allowing access to your entire hard disk and security information.
Your ISP may well have their routers configured to block all traffic on
ports 137-139 to prevent attacks on their customers (and to prevent their
customers from attacking others :-) so there's a high probability that you
couldn't connect in any case. We configure the routers at all the ISPs we
support to block these ports.
We do allow these ports to dial-in customers for access to the web
server(s) so that customers can maintain their own web pages by mounting
their home directories using SAMBA (after warning them that this leaves
them open to attacks from other local users via these ports). This works
nicely with dynamic IP addresses as the host doesn't care what the IP
address is of the client.
Bill
--
INTERNET: bill at Celestial.COM Bill Campbell; Celestial Systems, Inc.
UUCP: camco!bill PO Box 820; 2835 82nd Avenue S.E. S-100
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/
"A man full of faith is simply one who has lost (or never had) the capacity
for clear and realistic thought. He is not a mere ass; he is actually ill.
Worse, he is incurable."
H.L. Mencken
More information about the samba
mailing list