[Samba] Firewall piercing - The Specified network name is no

Robert Schetterer robert at schetterer.org
Thu Feb 10 21:20:30 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi @ll,
following this a longer time now,
i want to say open smb to web is a total security desaster.
You will be hacked i minutes by broadcasting smb scanners.
As others recommend before , use a tunnelstuff i.e openvpn,pptpd,ipsec
to tunnel smb in this, or simple use a apache with webdav
which is shown as a network share too in windows,with same features as
smb shares.
Winscp is a very good solution too.
Last word about your users, if they want to connect
via the internet via smb , their clients must open smb too,
so they will be vulnerable too, they dont will feel very cool
finding their Bank accounts numbers after a few days, or their private files
somewhere in the internet stolen from some kids.
As all this stuff is freeware and mostly included in windows and in the
most nix distros , there should be no problem to setup a secure
smb or equal quality connect through the web.
Note: smb is not the solution you need , Apache with webdav will do it
quite good.
Best Regards


Paul Gienger schrieb:
|
|> Dude -- Your arrogant attitude towards getting help and resolving your
|> problem is not getting you anywhere -- its obviously problematic to
|> pump  SMB/CIFS into the internet the way you would like to.  Why don't
|> you look at a simpler solution like running an anonymous ftp server
|> and then your pathetic windoze users can just type:
|
|
| The problem here is that *he* is the user that wants to use smb
| bare-assed over the internet.  I doubt this would be that much of an
| issue if it were a user, since a respected sysadmin can usually tell
| someone how they should be using a network resource, unless the user is
| braindead upper management unfortunately.  We're into the "I'd really
| like to do it this way for no apparent gain" zone on this one.
|
| Lets all just let this one die.  No poster has touched the issue he's
| having, and from the people that have posted it doesn't look like anyone
| is going to be attempting to help, not because no one knows, but because
| it's been deemed a WTF issue.  If Mr. Blank gets this one to work he'll
| have one more "I did a cool thing one day" feather in his cap when he
| goes client scouting.
|
|>
|> ftp://server/directory
|>
|> POOF
|>
|>> Please read my points on this sort of "solution" in the past. The whole
|>> REASON I want to use Plain Vanilla SMB is so I can walk up to ANY
|>> Windoze
|>> machine on the entire flippin' Internet and go:
|>>
|>> Start
|>> Run
|>> \\IP_ADDRESS\sharename
|>> (username)
|>> (password)
|>>
|>> POOF.
|>
|>
|>
|

- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer.org
Munich / Bavaria / Germany
https://www.schetterer.org

\**********************************
\* gnupgp
\* public key:
\* https://www.schetterer.org/public.key
\**********************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCC9Ae+Jw+56iSjEkRAkGQAKCaK23JYwvWGD/oPvZF3WwHe7l2vACgmeAD
UeyREkvpDINTuTkgGWaaQQ0=
=KfoG
-----END PGP SIGNATURE-----


More information about the samba mailing list