Accessing a Samba server over the Internet

Darrin M. Gorski dgorski at ford.com
Mon Dec 22 17:23:59 GMT 1997


On Sun, 21 Dec 1997, Bill Campbell wrote:

> On Sat, Dec 20, 1997 at 02:04:47AM +1100, Simon Greener wrote:
> >Hi,
> >
> >I want to connect to Samba volumes on a SCO Open Server 5 over the Internet
> >from my NT 4 workstation.  My workstation is in a local domain and gets a
> >dynamic IP address when it connects to my ISP; the Internet hostname is also
> >dynamic and can't be predicted.
> 
> This is a very Bad Idea as you open your NT box up to all sorts of security
> attacks when you allow access to the SMB ports ranging from winnuke, jolt,
> and similar programs that can simply ``Blue Screen of Death'' your system
> to allowing access to your entire hard disk and security information.

Hmm... Sounds like the SCO server is the 'real-time' machine, and the NT
Workstation is the dialup. I'm not sure I follow your 'Bad Idea'
description. Any dial-up PC would also be vulnerable, regardless of
whether Samba is involved or not.

> Your ISP may well have their routers configured to block all traffic on
> ports 137-139 to prevent attacks on their customers (and to prevent their
> customers from attacking others :-) so there's a high probability that you
> couldn't connect in any case.  We configure the routers at all the ISPs we
> support to block these ports.

He he, I'm sure Microsoft would LOVE to hear that. Be careful, they may
sue you for protocol discrimination. ;-)

> We do allow these ports to dial-in customers for access to the web
> server(s) so that customers can maintain their own web pages by mounting
> their home directories using SAMBA (after warning them that this leaves
> them open to attacks from other local users via these ports).  This works
> nicely with dynamic IP addresses as the host doesn't care what the IP
> address is of the client.

                                [Darrin]

 "I have no special gift. I am only passionately curious."
				- A. Einstein

Darrin M. Gorski, Research Computer Systems Network Support
Scientific Research Laboratories, Ford Motor Company
Internet: dgorski at ford.com | Tel/Fax: +1 (313) 248-3753


