[Samba] Firewall piercing - The Specified network name is no

Fri Feb 11 00:05:56 GMT 2005

On Thu, 10 Feb 2005, Robert Schetterer wrote:

> Date: Thu, 10 Feb 2005 22:20:30 +0100
> From: Robert Schetterer <robert at schetterer.org>
> To: Paul Gienger <pgienger at ae-solutions.com>
> Cc: samba at lists.samba.org, Gordon Russell <russell at co.clarke.va.us>
> Subject: Re: [Samba] Firewall piercing - The Specified network name is no
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi @ll,
> following this a longer time now,
> i want to say open smb to web is a total security desaster.
> You will be hacked i minutes by broadcasting smb scanners.

HOW?

If Samba is so easily "hackable"... HOW?

This is *Samba*.
On a SPARC.
Running OpenBSD.

You wanna tell me how the 31337 h4x0r types-- who are used to 0wning
PeeCees running Win9x, not freaking UltraSPARCs running OpenBSD and
SPARC-- are going to "hack" me within a minute?

> As others recommend before , use a tunnelstuff i.e openvpn,pptpd,ipsec
> to tunnel smb in this, or simple use a apache with webdav
> which is shown as a network share too in windows,with same features as
> smb shares.
> Winscp is a very good solution too.
> Last word about your users, if they want to connect
> via the internet via smb , their clients must open smb too,
> so they will be vulnerable too, they dont will feel very cool

Um, what?

How does acting as an SMB --CLIENT-- put one at risk?

> finding their Bank accounts numbers after a few days, or their private files
> somewhere in the internet stolen from some kids.
> As all this stuff is freeware and mostly included in windows and in the
> most nix distros , there should be no problem to setup a secure
> smb or equal quality connect through the web.
> Note: smb is not the solution you need , Apache with webdav will do it
> quite good.
> Best Regards
>
>
> Paul Gienger schrieb:
> |
> |> Dude -- Your arrogant attitude towards getting help and resolving your
> |> problem is not getting you anywhere -- its obviously problematic to
> |> pump  SMB/CIFS into the internet the way you would like to.  Why don't
> |> you look at a simpler solution like running an anonymous ftp server
> |> and then your pathetic windoze users can just type:
> |
> |
> | The problem here is that *he* is the user that wants to use smb
> | bare-assed over the internet.  I doubt this would be that much of an
> | issue if it were a user, since a respected sysadmin can usually tell
> | someone how they should be using a network resource, unless the user is
> | braindead upper management unfortunately.  We're into the "I'd really
> | like to do it this way for no apparent gain" zone on this one.
> |
> | Lets all just let this one die.  No poster has touched the issue he's
> | having, and from the people that have posted it doesn't look like anyone
> | is going to be attempting to help, not because no one knows, but because
> | it's been deemed a WTF issue.  If Mr. Blank gets this one to work he'll
> | have one more "I did a cool thing one day" feather in his cap when he
> | goes client scouting.
> |
> |>
> |> ftp://server/directory
> |>
> |> POOF
> |>
> |>> Please read my points on this sort of "solution" in the past. The whole
> |>> REASON I want to use Plain Vanilla SMB is so I can walk up to ANY
> |>> Windoze
> |>> machine on the entire flippin' Internet and go:
> |>>
> |>> Start
> |>> Run
> |>> \\IP_ADDRESS\sharename
> |>> (username)
> |>> (password)
> |>>
> |>> POOF.
> |>
> |>
> |>
> |
>
> - --
> Mit freundlichen Gruessen
> Best Regards
> Robert Schetterer
>
> robert_at_schetterer.org
> Munich / Bavaria / Germany
> https://www.schetterer.org
>
> \**********************************
> \* gnupgp
> \* public key:
> \* https://www.schetterer.org/public.key
> \**********************************
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFCC9Ae+Jw+56iSjEkRAkGQAKCaK23JYwvWGD/oPvZF3WwHe7l2vACgmeAD
> UeyREkvpDINTuTkgGWaaQQ0=
> =KfoG
> -----END PGP SIGNATURE-----
>

--
J. L. Blank, Systems Administrator, twu.net
-------------- next part --------------
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba